Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/freetds-1.2.3/include/replacements/poll.h
Examining data/freetds-1.2.3/include/replacements/readpassphrase.h
Examining data/freetds-1.2.3/include/bkpublic.h
Examining data/freetds-1.2.3/include/cspublic.h
Examining data/freetds-1.2.3/include/cstypes.h
Examining data/freetds-1.2.3/include/ctpublic.h
Examining data/freetds-1.2.3/include/sqldb.h
Examining data/freetds-1.2.3/include/sqlfront.h
Examining data/freetds-1.2.3/include/sybdb.h
Examining data/freetds-1.2.3/include/sybfront.h
Examining data/freetds-1.2.3/include/syberror.h
Examining data/freetds-1.2.3/include/odbcss.h
Examining data/freetds-1.2.3/include/ctlib.h
Examining data/freetds-1.2.3/include/dblib.h
Examining data/freetds-1.2.3/include/replacements.h
Examining data/freetds-1.2.3/include/freetds/utils/string.h
Examining data/freetds-1.2.3/include/freetds/utils/dlist.h
Examining data/freetds-1.2.3/include/freetds/utils/dlist.tmpl.h
Examining data/freetds-1.2.3/include/freetds/utils/bjoern-utf8.h
Examining data/freetds-1.2.3/include/freetds/utils/md4.h
Examining data/freetds-1.2.3/include/freetds/utils/des.h
Examining data/freetds-1.2.3/include/freetds/utils/md5.h
Examining data/freetds-1.2.3/include/freetds/utils/hmac_md5.h
Examining data/freetds-1.2.3/include/freetds/iconv.h
Examining data/freetds-1.2.3/include/freetds/convert.h
Examining data/freetds-1.2.3/include/freetds/bytes.h
Examining data/freetds-1.2.3/include/freetds/thread.h
Examining data/freetds-1.2.3/include/freetds/version.h
Examining data/freetds-1.2.3/include/freetds/server.h
Examining data/freetds-1.2.3/include/freetds/configs.h
Examining data/freetds-1.2.3/include/freetds/enum_cap.h
Examining data/freetds-1.2.3/include/freetds/sysdep_private.h
Examining data/freetds-1.2.3/include/freetds/stream.h
Examining data/freetds-1.2.3/include/freetds/data.h
Examining data/freetds-1.2.3/include/freetds/pushvis.h
Examining data/freetds-1.2.3/include/freetds/popvis.h
Examining data/freetds-1.2.3/include/freetds/time.h
Examining data/freetds-1.2.3/include/freetds/tls.h
Examining data/freetds-1.2.3/include/freetds/bool.h
Examining data/freetds-1.2.3/include/freetds/checks.h
Examining data/freetds-1.2.3/include/freetds/alloca.h
Examining data/freetds-1.2.3/include/freetds/macros.h
Examining data/freetds-1.2.3/include/freetds/windows.h
Examining data/freetds-1.2.3/include/freetds/utils.h
Examining data/freetds-1.2.3/include/freetds/encodings.h
Examining data/freetds-1.2.3/include/freetds/charset_lookup.h
Examining data/freetds-1.2.3/include/freetds/odbc.h
Examining data/freetds-1.2.3/include/freetds/proto.h
Examining data/freetds-1.2.3/include/freetds/tds.h
Examining data/freetds-1.2.3/src/utils/md4.c
Examining data/freetds-1.2.3/src/utils/md5.c
Examining data/freetds-1.2.3/src/utils/des.c
Examining data/freetds-1.2.3/src/utils/hmac_md5.c
Examining data/freetds-1.2.3/src/utils/dlist.c
Examining data/freetds-1.2.3/src/utils/getpassarg.c
Examining data/freetds-1.2.3/src/utils/sleep.c
Examining data/freetds-1.2.3/src/utils/tds_cond.c
Examining data/freetds-1.2.3/src/utils/win_mutex.c
Examining data/freetds-1.2.3/src/utils/threadsafe.c
Examining data/freetds-1.2.3/src/utils/bjoern-utf8.c
Examining data/freetds-1.2.3/src/utils/tdsstring.c
Examining data/freetds-1.2.3/src/utils/net.c
Examining data/freetds-1.2.3/src/utils/ptw32_MCS_lock.c
Examining data/freetds-1.2.3/src/utils/unittests/bytes.c
Examining data/freetds-1.2.3/src/utils/unittests/challenge.c
Examining data/freetds-1.2.3/src/utils/unittests/condition.c
Examining data/freetds-1.2.3/src/utils/unittests/dlist.c
Examining data/freetds-1.2.3/src/utils/unittests/mutex1.c
Examining data/freetds-1.2.3/src/utils/unittests/passarg.c
Examining data/freetds-1.2.3/src/replacements/asprintf.c
Examining data/freetds-1.2.3/src/replacements/basename.c
Examining data/freetds-1.2.3/src/replacements/daemon.c
Examining data/freetds-1.2.3/src/replacements/getopt.c
Examining data/freetds-1.2.3/src/replacements/readpassphrase.c
Examining data/freetds-1.2.3/src/replacements/strlcat.c
Examining data/freetds-1.2.3/src/replacements/strlcpy.c
Examining data/freetds-1.2.3/src/replacements/strsep.c
Examining data/freetds-1.2.3/src/replacements/strtok_r.c
Examining data/freetds-1.2.3/src/replacements/vasprintf.c
Examining data/freetds-1.2.3/src/replacements/iconv.c
Examining data/freetds-1.2.3/src/replacements/gettimeofday.c
Examining data/freetds-1.2.3/src/replacements/poll.c
Examining data/freetds-1.2.3/src/replacements/socketpair.c
Examining data/freetds-1.2.3/src/replacements/getaddrinfo.c
Examining data/freetds-1.2.3/src/replacements/iconv_charsets.h
Examining data/freetds-1.2.3/src/replacements/unittests/strings.c
Examining data/freetds-1.2.3/src/replacements/unittests/strsep.c
Examining data/freetds-1.2.3/src/replacements/unittests/strtok_r.c
Examining data/freetds-1.2.3/src/tds/tds_willconvert.h
Examining data/freetds-1.2.3/src/tds/num_limits.h
Examining data/freetds-1.2.3/src/tds/tds_types.h
Examining data/freetds-1.2.3/src/tds/util.c
Examining data/freetds-1.2.3/src/tds/login.c
Examining data/freetds-1.2.3/src/tds/read.c
Examining data/freetds-1.2.3/src/tds/write.c
Examining data/freetds-1.2.3/src/tds/convert.c
Examining data/freetds-1.2.3/src/tds/numeric.c
Examining data/freetds-1.2.3/src/tds/config.c
Examining data/freetds-1.2.3/src/tds/iconv.c
Examining data/freetds-1.2.3/src/tds/locale.c
Examining data/freetds-1.2.3/src/tds/vstrbuild.c
Examining data/freetds-1.2.3/src/tds/getmac.c
Examining data/freetds-1.2.3/src/tds/tls.c
Examining data/freetds-1.2.3/src/tds/tds_checks.c
Examining data/freetds-1.2.3/src/tds/log.c
Examining data/freetds-1.2.3/src/tds/bulk.c
Examining data/freetds-1.2.3/src/tds/packet.c
Examining data/freetds-1.2.3/src/tds/stream.c
Examining data/freetds-1.2.3/src/tds/random.c
Examining data/freetds-1.2.3/src/tds/sec_negotiate.c
Examining data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h
Examining data/freetds-1.2.3/src/tds/sec_negotiate_openssl.h
Examining data/freetds-1.2.3/src/tds/challenge.c
Examining data/freetds-1.2.3/src/tds/gssapi.c
Examining data/freetds-1.2.3/src/tds/unittests/common.c
Examining data/freetds-1.2.3/src/tds/unittests/common.h
Examining data/freetds-1.2.3/src/tds/unittests/utf8.c
Examining data/freetds-1.2.3/src/tds/unittests/allcolumns.c
Examining data/freetds-1.2.3/src/tds/unittests/charconv.c
Examining data/freetds-1.2.3/src/tds/unittests/collations.c
Examining data/freetds-1.2.3/src/tds/unittests/convert.c
Examining data/freetds-1.2.3/src/tds/unittests/corrupt.c
Examining data/freetds-1.2.3/src/tds/unittests/dataread.c
Examining data/freetds-1.2.3/src/tds/unittests/declarations.c
Examining data/freetds-1.2.3/src/tds/unittests/dynamic1.c
Examining data/freetds-1.2.3/src/tds/unittests/freeze.c
Examining data/freetds-1.2.3/src/tds/unittests/iconv_fread.c
Examining data/freetds-1.2.3/src/tds/unittests/nulls.c
Examining data/freetds-1.2.3/src/tds/unittests/numeric.c
Examining data/freetds-1.2.3/src/tds/unittests/parsing.c
Examining data/freetds-1.2.3/src/tds/unittests/portconf.c
Examining data/freetds-1.2.3/src/tds/unittests/readconf.c
Examining data/freetds-1.2.3/src/tds/unittests/t0001.c
Examining data/freetds-1.2.3/src/tds/unittests/t0002.c
Examining data/freetds-1.2.3/src/tds/unittests/t0003.c
Examining data/freetds-1.2.3/src/tds/unittests/t0004.c
Examining data/freetds-1.2.3/src/tds/unittests/t0005.c
Examining data/freetds-1.2.3/src/tds/unittests/t0006.c
Examining data/freetds-1.2.3/src/tds/unittests/t0007.c
Examining data/freetds-1.2.3/src/tds/unittests/t0008.c
Examining data/freetds-1.2.3/src/tds/unittests/toodynamic.c
Examining data/freetds-1.2.3/src/tds/unittests/utf8_1.c
Examining data/freetds-1.2.3/src/tds/unittests/utf8_2.c
Examining data/freetds-1.2.3/src/tds/unittests/utf8_3.c
Examining data/freetds-1.2.3/src/tds/data.c
Examining data/freetds-1.2.3/src/tds/mem.c
Examining data/freetds-1.2.3/src/tds/net.c
Examining data/freetds-1.2.3/src/tds/query.c
Examining data/freetds-1.2.3/src/tds/sspi.c
Examining data/freetds-1.2.3/src/tds/token.c
Examining data/freetds-1.2.3/src/ctlib/ct.c
Examining data/freetds-1.2.3/src/ctlib/cs.c
Examining data/freetds-1.2.3/src/ctlib/blk.c
Examining data/freetds-1.2.3/src/ctlib/ctutil.c
Examining data/freetds-1.2.3/src/ctlib/winmain.c
Examining data/freetds-1.2.3/src/ctlib/unittests/common.c
Examining data/freetds-1.2.3/src/ctlib/unittests/common.h
Examining data/freetds-1.2.3/src/ctlib/unittests/all_types.c
Examining data/freetds-1.2.3/src/ctlib/unittests/array_bind.c
Examining data/freetds-1.2.3/src/ctlib/unittests/blk_in.h
Examining data/freetds-1.2.3/src/ctlib/unittests/blk_in.c
Examining data/freetds-1.2.3/src/ctlib/unittests/blk_in2.c
Examining data/freetds-1.2.3/src/ctlib/unittests/blk_out.c
Examining data/freetds-1.2.3/src/ctlib/unittests/cancel.c
Examining data/freetds-1.2.3/src/ctlib/unittests/connect_fail.c
Examining data/freetds-1.2.3/src/ctlib/unittests/cs_config.c
Examining data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c
Examining data/freetds-1.2.3/src/ctlib/unittests/cs_diag.c
Examining data/freetds-1.2.3/src/ctlib/unittests/ct_cursor.c
Examining data/freetds-1.2.3/src/ctlib/unittests/ct_cursors.c
Examining data/freetds-1.2.3/src/ctlib/unittests/ct_diagall.c
Examining data/freetds-1.2.3/src/ctlib/unittests/ct_diagclient.c
Examining data/freetds-1.2.3/src/ctlib/unittests/ct_diagserver.c
Examining data/freetds-1.2.3/src/ctlib/unittests/ct_dynamic.c
Examining data/freetds-1.2.3/src/ctlib/unittests/ct_options.c
Examining data/freetds-1.2.3/src/ctlib/unittests/data.c
Examining data/freetds-1.2.3/src/ctlib/unittests/datafmt.c
Examining data/freetds-1.2.3/src/ctlib/unittests/get_send_data.c
Examining data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c
Examining data/freetds-1.2.3/src/ctlib/unittests/long_binary.c
Examining data/freetds-1.2.3/src/ctlib/unittests/row_count.c
Examining data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c
Examining data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c
Examining data/freetds-1.2.3/src/ctlib/unittests/rpc_fail.c
Examining data/freetds-1.2.3/src/ctlib/unittests/t0001.c
Examining data/freetds-1.2.3/src/ctlib/unittests/t0002.c
Examining data/freetds-1.2.3/src/ctlib/unittests/t0003.c
Examining data/freetds-1.2.3/src/ctlib/unittests/t0004.c
Examining data/freetds-1.2.3/src/ctlib/unittests/t0005.c
Examining data/freetds-1.2.3/src/ctlib/unittests/t0007.c
Examining data/freetds-1.2.3/src/ctlib/unittests/t0008.c
Examining data/freetds-1.2.3/src/ctlib/unittests/t0009.c
Examining data/freetds-1.2.3/src/ctlib/unittests/will_convert.c
Examining data/freetds-1.2.3/src/dblib/dbutil.c
Examining data/freetds-1.2.3/src/dblib/rpc.c
Examining data/freetds-1.2.3/src/dblib/bcp.c
Examining data/freetds-1.2.3/src/dblib/xact.c
Examining data/freetds-1.2.3/src/dblib/dbpivot.c
Examining data/freetds-1.2.3/src/dblib/dbopen.c
Examining data/freetds-1.2.3/src/dblib/winmain.c
Examining data/freetds-1.2.3/src/dblib/unittests/common.c
Examining data/freetds-1.2.3/src/dblib/unittests/common.h
Examining data/freetds-1.2.3/src/dblib/unittests/batch_stmt_ins_sel.c
Examining data/freetds-1.2.3/src/dblib/unittests/batch_stmt_ins_upd.c
Examining data/freetds-1.2.3/src/dblib/unittests/bcp.c
Examining data/freetds-1.2.3/src/dblib/unittests/bcp.h
Examining data/freetds-1.2.3/src/dblib/unittests/bcp_getl.c
Examining data/freetds-1.2.3/src/dblib/unittests/cancel.c
Examining data/freetds-1.2.3/src/dblib/unittests/canquery.c
Examining data/freetds-1.2.3/src/dblib/unittests/colinfo.c
Examining data/freetds-1.2.3/src/dblib/unittests/dbmorecmds.c
Examining data/freetds-1.2.3/src/dblib/unittests/dbsafestr.c
Examining data/freetds-1.2.3/src/dblib/unittests/done_handling.c
Examining data/freetds-1.2.3/src/dblib/unittests/empty_rowsets.c
Examining data/freetds-1.2.3/src/dblib/unittests/hang.c
Examining data/freetds-1.2.3/src/dblib/unittests/null.c
Examining data/freetds-1.2.3/src/dblib/unittests/null2.c
Examining data/freetds-1.2.3/src/dblib/unittests/numeric.c
Examining data/freetds-1.2.3/src/dblib/unittests/pending.c
Examining data/freetds-1.2.3/src/dblib/unittests/rpc.c
Examining data/freetds-1.2.3/src/dblib/unittests/setnull.c
Examining data/freetds-1.2.3/src/dblib/unittests/spid.c
Examining data/freetds-1.2.3/src/dblib/unittests/string_bind.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0001.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0002.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0003.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0004.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0005.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0006.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0007.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0008.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0009.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0011.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0012.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0013.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0014.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0015.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0016.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0017.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0018.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0019.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0020.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0022.c
Examining data/freetds-1.2.3/src/dblib/unittests/t0023.c
Examining data/freetds-1.2.3/src/dblib/unittests/text_buffer.c
Examining data/freetds-1.2.3/src/dblib/unittests/thread.c
Examining data/freetds-1.2.3/src/dblib/unittests/timeout.c
Examining data/freetds-1.2.3/src/dblib/buffering.h
Examining data/freetds-1.2.3/src/dblib/dblib.c
Examining data/freetds-1.2.3/src/odbc/convert_tds2sql.c
Examining data/freetds-1.2.3/src/odbc/descriptor.c
Examining data/freetds-1.2.3/src/odbc/prepare_query.c
Examining data/freetds-1.2.3/src/odbc/odbc_util.c
Examining data/freetds-1.2.3/src/odbc/bcp.c
Examining data/freetds-1.2.3/src/odbc/native.c
Examining data/freetds-1.2.3/src/odbc/sql2tds.c
Examining data/freetds-1.2.3/src/odbc/error.c
Examining data/freetds-1.2.3/src/odbc/odbc_checks.c
Examining data/freetds-1.2.3/src/odbc/sqlwchar.c
Examining data/freetds-1.2.3/src/odbc/sqlwparams.h
Examining data/freetds-1.2.3/src/odbc/odbc_export.h
Examining data/freetds-1.2.3/src/odbc/error_export.h
Examining data/freetds-1.2.3/src/odbc/odbc_data.c
Examining data/freetds-1.2.3/src/odbc/winlogin.c
Examining data/freetds-1.2.3/src/odbc/winsetup.c
Examining data/freetds-1.2.3/src/odbc/winmain.c
Examining data/freetds-1.2.3/src/odbc/resource.h
Examining data/freetds-1.2.3/src/odbc/unittests/common.c
Examining data/freetds-1.2.3/src/odbc/unittests/common.h
Examining data/freetds-1.2.3/src/odbc/unittests/all_types.c
Examining data/freetds-1.2.3/src/odbc/unittests/array.c
Examining data/freetds-1.2.3/src/odbc/unittests/array_error.c
Examining data/freetds-1.2.3/src/odbc/unittests/array_out.c
Examining data/freetds-1.2.3/src/odbc/unittests/attributes.c
Examining data/freetds-1.2.3/src/odbc/unittests/bcp.c
Examining data/freetds-1.2.3/src/odbc/unittests/binary_test.c
Examining data/freetds-1.2.3/src/odbc/unittests/blob1.c
Examining data/freetds-1.2.3/src/odbc/unittests/cancel.c
Examining data/freetds-1.2.3/src/odbc/unittests/closestmt.c
Examining data/freetds-1.2.3/src/odbc/unittests/compute.c
Examining data/freetds-1.2.3/src/odbc/unittests/connect.c
Examining data/freetds-1.2.3/src/odbc/unittests/connect2.c
Examining data/freetds-1.2.3/src/odbc/unittests/const_params.c
Examining data/freetds-1.2.3/src/odbc/unittests/copydesc.c
Examining data/freetds-1.2.3/src/odbc/unittests/cursor1.c
Examining data/freetds-1.2.3/src/odbc/unittests/cursor2.c
Examining data/freetds-1.2.3/src/odbc/unittests/data.c
Examining data/freetds-1.2.3/src/odbc/unittests/cursor3.c
Examining data/freetds-1.2.3/src/odbc/unittests/cursor4.c
Examining data/freetds-1.2.3/src/odbc/unittests/cursor5.c
Examining data/freetds-1.2.3/src/odbc/unittests/cursor6.c
Examining data/freetds-1.2.3/src/odbc/unittests/cursor7.c
Examining data/freetds-1.2.3/src/odbc/unittests/c2string.c
Examining data/freetds-1.2.3/src/odbc/unittests/parser.c
Examining data/freetds-1.2.3/src/odbc/unittests/parser.h
Examining data/freetds-1.2.3/src/odbc/unittests/date.c
Examining data/freetds-1.2.3/src/odbc/unittests/descrec.c
Examining data/freetds-1.2.3/src/odbc/unittests/describecol.c
Examining data/freetds-1.2.3/src/odbc/unittests/describecol2.c
Examining data/freetds-1.2.3/src/odbc/unittests/earlybind.c
Examining data/freetds-1.2.3/src/odbc/unittests/empty_query.c
Examining data/freetds-1.2.3/src/odbc/unittests/error.c
Examining data/freetds-1.2.3/src/odbc/unittests/freeclose.c
Examining data/freetds-1.2.3/src/odbc/unittests/funccall.c
Examining data/freetds-1.2.3/src/odbc/unittests/genparams.c
Examining data/freetds-1.2.3/src/odbc/unittests/getdata.c
Examining data/freetds-1.2.3/src/odbc/unittests/hidden.c
Examining data/freetds-1.2.3/src/odbc/unittests/insert_speed.c
Examining data/freetds-1.2.3/src/odbc/unittests/lang_error.c
Examining data/freetds-1.2.3/src/odbc/unittests/mars1.c
Examining data/freetds-1.2.3/src/odbc/unittests/long_error.c
Examining data/freetds-1.2.3/src/odbc/unittests/moreandcount.c
Examining data/freetds-1.2.3/src/odbc/unittests/norowset.c
Examining data/freetds-1.2.3/src/odbc/unittests/oldpwd.c
Examining data/freetds-1.2.3/src/odbc/unittests/paramcore.c
Examining data/freetds-1.2.3/src/odbc/unittests/params.c
Examining data/freetds-1.2.3/src/odbc/unittests/peter.c
Examining data/freetds-1.2.3/src/odbc/unittests/prepare_warn.c
Examining data/freetds-1.2.3/src/odbc/unittests/prepclose.c
Examining data/freetds-1.2.3/src/odbc/unittests/preperror.c
Examining data/freetds-1.2.3/src/odbc/unittests/print.c
Examining data/freetds-1.2.3/src/odbc/unittests/putdata.c
Examining data/freetds-1.2.3/src/odbc/unittests/qn.c
Examining data/freetds-1.2.3/src/odbc/unittests/raiserror.c
Examining data/freetds-1.2.3/src/odbc/unittests/rebindpar.c
Examining data/freetds-1.2.3/src/odbc/unittests/rowset.c
Examining data/freetds-1.2.3/src/odbc/unittests/rpc.c
Examining data/freetds-1.2.3/src/odbc/unittests/scroll.c
Examining data/freetds-1.2.3/src/odbc/unittests/stats.c
Examining data/freetds-1.2.3/src/odbc/unittests/t0001.c
Examining data/freetds-1.2.3/src/odbc/unittests/t0002.c
Examining data/freetds-1.2.3/src/odbc/unittests/t0003.c
Examining data/freetds-1.2.3/src/odbc/unittests/t0004.c
Examining data/freetds-1.2.3/src/odbc/unittests/tables.c
Examining data/freetds-1.2.3/src/odbc/unittests/test64.c
Examining data/freetds-1.2.3/src/odbc/unittests/testodbc.c
Examining data/freetds-1.2.3/src/odbc/unittests/timeout.c
Examining data/freetds-1.2.3/src/odbc/unittests/timeout2.c
Examining data/freetds-1.2.3/src/odbc/unittests/timeout3.c
Examining data/freetds-1.2.3/src/odbc/unittests/timeout4.c
Examining data/freetds-1.2.3/src/odbc/unittests/transaction.c
Examining data/freetds-1.2.3/src/odbc/unittests/transaction2.c
Examining data/freetds-1.2.3/src/odbc/unittests/transaction3.c
Examining data/freetds-1.2.3/src/odbc/unittests/transaction4.c
Examining data/freetds-1.2.3/src/odbc/unittests/type.c
Examining data/freetds-1.2.3/src/odbc/unittests/typeinfo.c
Examining data/freetds-1.2.3/src/odbc/unittests/utf8.c
Examining data/freetds-1.2.3/src/odbc/unittests/utf8_2.c
Examining data/freetds-1.2.3/src/odbc/unittests/utf8_3.c
Examining data/freetds-1.2.3/src/odbc/unittests/utf8_4.c
Examining data/freetds-1.2.3/src/odbc/unittests/warning.c
Examining data/freetds-1.2.3/src/odbc/unittests/wchar.c
Examining data/freetds-1.2.3/src/odbc/unittests/convert_error.c
Examining data/freetds-1.2.3/src/odbc/unittests/prepare_results.c
Examining data/freetds-1.2.3/src/odbc/connectparams.c
Examining data/freetds-1.2.3/src/odbc/odbc.c
Examining data/freetds-1.2.3/src/server/query.c
Examining data/freetds-1.2.3/src/server/server.c
Examining data/freetds-1.2.3/src/server/login.c
Examining data/freetds-1.2.3/src/server/unittest.c
Examining data/freetds-1.2.3/src/pool/config.c
Examining data/freetds-1.2.3/src/pool/main.c
Examining data/freetds-1.2.3/src/pool/member.c
Examining data/freetds-1.2.3/src/pool/user.c
Examining data/freetds-1.2.3/src/pool/util.c
Examining data/freetds-1.2.3/src/pool/pool.h
Examining data/freetds-1.2.3/src/apps/bsqldb.c
Examining data/freetds-1.2.3/src/apps/bsqlodbc.c
Examining data/freetds-1.2.3/src/apps/datacopy.c
Examining data/freetds-1.2.3/src/apps/defncopy.c
Examining data/freetds-1.2.3/src/apps/freebcp.c
Examining data/freetds-1.2.3/src/apps/freebcp.h
Examining data/freetds-1.2.3/src/apps/fisql/fisql.c
Examining data/freetds-1.2.3/src/apps/fisql/terminal.h
Examining data/freetds-1.2.3/src/apps/fisql/terminal.c
Examining data/freetds-1.2.3/src/apps/fisql/edit.h
Examining data/freetds-1.2.3/src/apps/fisql/edit.c
Examining data/freetds-1.2.3/src/apps/fisql/handlers.h
Examining data/freetds-1.2.3/src/apps/fisql/handlers.c
Examining data/freetds-1.2.3/src/apps/fisql/interrupt.h
Examining data/freetds-1.2.3/src/apps/fisql/interrupt.c
Examining data/freetds-1.2.3/src/apps/tsql.c
Examining data/freetds-1.2.3/samples/debug.c
Examining data/freetds-1.2.3/samples/dyntest.c
Examining data/freetds-1.2.3/win32/freetds/sysconfdir.h
Examining data/freetds-1.2.3/win32/initnet.c
Examining data/freetds-1.2.3/vms/edit.c
Examining data/freetds-1.2.3/vms/getpass.c
Examining data/freetds-1.2.3/vms/vargdefs.h
Examining data/freetds-1.2.3/vms/vmsarg_mapping_bcp.c
Examining data/freetds-1.2.3/vms/vmsarg_mapping_defncopy.c
Examining data/freetds-1.2.3/vms/vmsarg_mapping_isql.c
Examining data/freetds-1.2.3/vms/vmsarg_parse.c
Examining data/freetds-1.2.3/vms/stdint.h
Examining data/freetds-1.2.3/misc/cmake_checks.c
FINAL RESULTS:
data/freetds-1.2.3/include/freetds/sysdep_private.h:88:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/freetds-1.2.3/include/freetds/sysdep_private.h:88:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/freetds-1.2.3/src/apps/bsqldb.c:587:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(options.headers, metadata[c].format_string, metadata[c].name);
data/freetds-1.2.3/src/apps/bsqldb.c:592:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(options.headers, metadata[c].format_string, dashes);
data/freetds-1.2.3/src/apps/bsqldb.c:624:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(metadata[c].format_string, ""); /* col/row separator */
data/freetds-1.2.3/src/apps/bsqldb.c:630:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(metadata[c].format_string, "NULL");
data/freetds-1.2.3/src/apps/bsqldb.c:635:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(metadata[c].format_string, data[c].buffer);
data/freetds-1.2.3/src/apps/bsqldb.c:659:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(options.headers, fmt, meta->name);
data/freetds-1.2.3/src/apps/bsqldb.c:664:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(options.headers, metacompute[row_code-1]->meta[c].format_string, dashes);
data/freetds-1.2.3/src/apps/bsqldb.c:674:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(meta->format_string, "NULL");
data/freetds-1.2.3/src/apps/bsqldb.c:679:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(meta->format_string, data->buffer);
data/freetds-1.2.3/src/apps/bsqlodbc.c:391:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, query_line);
data/freetds-1.2.3/src/apps/bsqlodbc.c:393:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, query_line);
data/freetds-1.2.3/src/apps/bsqlodbc.c:621:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(options.headers, metadata[c].format_string, metadata[c].name);
data/freetds-1.2.3/src/apps/bsqlodbc.c:626:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(options.headers, metadata[c].format_string, dashes);
data/freetds-1.2.3/src/apps/bsqlodbc.c:645:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(metadata[c].format_string, "NULL");
data/freetds-1.2.3/src/apps/bsqlodbc.c:650:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(metadata[c].format_string, data[c].buffer);
data/freetds-1.2.3/src/apps/datacopy.c:414:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ls_command, "SET FMTONLY ON select * from %s SET FMTONLY OFF", sobjname);
data/freetds-1.2.3/src/apps/datacopy.c:429:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ls_command, "CREATE TABLE %s%s%s ", owner, owner[0] ? "." : "", dobjname);
data/freetds-1.2.3/src/apps/datacopy.c:505:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ls_command, "SET FMTONLY ON select * from %s SET FMTONLY OFF", sobjname);
data/freetds-1.2.3/src/apps/datacopy.c:528:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ls_command, "SET FMTONLY ON select * from %s SET FMTONLY OFF", dobjname);
data/freetds-1.2.3/src/apps/datacopy.c:612:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ls_command, "truncate table %s", params->dest.dbobject);
data/freetds-1.2.3/src/apps/datacopy.c:631:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ls_command, "select * from %s", params->src.dbobject);
data/freetds-1.2.3/src/apps/defncopy.c:403:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(index_description, "%s %s", unique, pclustering);
data/freetds-1.2.3/src/apps/defncopy.c:790:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(use_statement, "USE %s\nGO\n\n", dbname);
data/freetds-1.2.3/src/apps/fisql/edit.c:49:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(editor, editor, arg, (char *) 0);
data/freetds-1.2.3/src/apps/fisql/fisql.c:335:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
switch (rv = system(cmd)) {
data/freetds-1.2.3/src/apps/fisql/fisql.c:615:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sybenv, optarg);
data/freetds-1.2.3/src/apps/tsql.c:289:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "using TDS version %s", version);
data/freetds-1.2.3/src/apps/tsql.c:523:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(minus_flags, opt_flags_str);
data/freetds-1.2.3/src/apps/tsql.c:690:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*mybuf + *buflen, s);
data/freetds-1.2.3/src/apps/tsql.c:913:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mybuf + buflen, s);
data/freetds-1.2.3/src/ctlib/cs.c:1036:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)buffer, locale->charset);
data/freetds-1.2.3/src/ctlib/cs.c:1051:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)buffer, locale->language);
data/freetds-1.2.3/src/ctlib/cs.c:1071:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)buffer, locale->language);
data/freetds-1.2.3/src/ctlib/cs.c:1077:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)buffer + tlen, locale->charset);
data/freetds-1.2.3/src/ctlib/cs.c:1092:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)buffer, locale->collate);
data/freetds-1.2.3/src/ctlib/ct.c:2721:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char*) buffer, cursor->cursor_name);
data/freetds-1.2.3/src/ctlib/ct.c:3048:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd->iodesc->name, iodesc->name);
data/freetds-1.2.3/src/ctlib/ct.c:3070:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iodesc->name, cmd->iodesc->name);
data/freetds-1.2.3/src/ctlib/unittests/blk_in.c:225:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"if exists (select 1 from sysobjects where type = 'U' and name = '%s') drop table %s",
data/freetds-1.2.3/src/ctlib/unittests/blk_in2.c:83:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "if exists (select 1 from sysobjects where type = 'U' and name = '%s') drop table %s",
data/freetds-1.2.3/src/ctlib/unittests/common.c:76:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(USER, common_pwd.USER);
data/freetds-1.2.3/src/ctlib/unittests/common.c:77:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PASSWORD, common_pwd.PASSWORD);
data/freetds-1.2.3/src/ctlib/unittests/common.c:78:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SERVER, common_pwd.SERVER);
data/freetds-1.2.3/src/ctlib/unittests/common.c:79:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(DATABASE, common_pwd.DATABASE);
data/freetds-1.2.3/src/ctlib/unittests/common.c:100:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(USER, s2);
data/freetds-1.2.3/src/ctlib/unittests/common.c:102:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SERVER, s2);
data/freetds-1.2.3/src/ctlib/unittests/common.c:104:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PASSWORD, s2);
data/freetds-1.2.3/src/ctlib/unittests/common.c:106:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(DATABASE, s2);
data/freetds-1.2.3/src/ctlib/unittests/common.c:131:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(options.USER, optarg);
data/freetds-1.2.3/src/ctlib/unittests/common.c:134:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(options.PASSWORD, optarg);
data/freetds-1.2.3/src/ctlib/unittests/common.c:137:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(options.SERVER, optarg);
data/freetds-1.2.3/src/ctlib/unittests/common.c:140:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(options.DATABASE, optarg);
data/freetds-1.2.3/src/ctlib/unittests/common.c:165:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(USER, options.USER);
data/freetds-1.2.3/src/ctlib/unittests/common.c:167:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PASSWORD, options.PASSWORD);
data/freetds-1.2.3/src/ctlib/unittests/common.c:169:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SERVER, options.SERVER);
data/freetds-1.2.3/src/ctlib/unittests/common.c:171:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(DATABASE, options.DATABASE);
data/freetds-1.2.3/src/ctlib/unittests/common.c:294:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "use %s", DATABASE);
data/freetds-1.2.3/src/ctlib/unittests/ct_cursor.c:570:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text, "update #test_table2 set col1 = '%s' ", value);
data/freetds-1.2.3/src/ctlib/unittests/ct_dynamic.c:55:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/freetds-1.2.3/src/ctlib/unittests/ct_options.c:32:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(common_pwd.SERVER, argv[1]);
data/freetds-1.2.3/src/ctlib/unittests/ct_options.c:33:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(common_pwd.DATABASE, argv[2]);
data/freetds-1.2.3/src/ctlib/unittests/ct_options.c:34:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(common_pwd.USER, argv[3]);
data/freetds-1.2.3/src/ctlib/unittests/ct_options.c:35:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(common_pwd.PASSWORD, argv[4]);
data/freetds-1.2.3/src/ctlib/unittests/get_send_data.c:53:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(len600, temp);
data/freetds-1.2.3/src/ctlib/unittests/get_send_data.c:60:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(len800, temp);
data/freetds-1.2.3/src/ctlib/unittests/get_send_data.c:88:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(large_sql, "INSERT #test_table (id, name) VALUES (2, '%s')", len600);
data/freetds-1.2.3/src/ctlib/unittests/t0002.c:246:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, col[i].datafmt.name);
data/freetds-1.2.3/src/ctlib/unittests/t0002.c:256:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, col[i].data);
data/freetds-1.2.3/src/ctlib/unittests/t0003.c:40:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(len600, temp);
data/freetds-1.2.3/src/ctlib/unittests/t0003.c:61:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(large_sql, "INSERT #test_table (id, name) VALUES (2, '%s')", len600);
data/freetds-1.2.3/src/dblib/dblib.c:1468:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(query, name);
data/freetds-1.2.3/src/dblib/dblib.c:7329:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(timestr, asctime(gmtime(&currtime)));
data/freetds-1.2.3/src/dblib/dblib.c:8281:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, int_exit_text, rc_name, msgno);
data/freetds-1.2.3/src/dblib/dbpivot.c:368:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, sep);
data/freetds-1.2.3/src/dblib/dbpivot.c:369:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, *p);
data/freetds-1.2.3/src/dblib/dbpivot.c:924:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
s += sprintf(s, "%s: ", names[i]);
data/freetds-1.2.3/src/dblib/dbpivot.c:926:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
s += sprintf(s, "%s%d", sep, *p);
data/freetds-1.2.3/src/dblib/unittests/batch_stmt_ins_sel.c:47:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SERVER, argv[0]);
data/freetds-1.2.3/src/dblib/unittests/batch_stmt_ins_upd.c:46:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SERVER, argv[0]);
data/freetds-1.2.3/src/dblib/unittests/bcp.c:203:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s..%s", DATABASE, table_name);
data/freetds-1.2.3/src/dblib/unittests/common.c:185:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, PWD);
data/freetds-1.2.3/src/dblib/unittests/common.c:195:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s", (DIRNAME) ? DIRNAME : ".", PWD);
data/freetds-1.2.3/src/dblib/unittests/common.c:210:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(USER, s2);
data/freetds-1.2.3/src/dblib/unittests/common.c:212:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SERVER, s2);
data/freetds-1.2.3/src/dblib/unittests/common.c:214:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PASSWORD, s2);
data/freetds-1.2.3/src/dblib/unittests/common.c:216:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(DATABASE, s2);
data/freetds-1.2.3/src/dblib/unittests/common.c:224:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(USER, options.username);
data/freetds-1.2.3/src/dblib/unittests/common.c:228:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PASSWORD, options.password);
data/freetds-1.2.3/src/dblib/unittests/common.c:232:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SERVER, options.servername);
data/freetds-1.2.3/src/dblib/unittests/common.c:236:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(DATABASE, options.database);
data/freetds-1.2.3/src/dblib/unittests/common.h:46:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/freetds-1.2.3/src/dblib/unittests/common.h:46:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/freetds-1.2.3/src/dblib/unittests/null.c:45:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(sql, n);
data/freetds-1.2.3/src/dblib/unittests/t0001.c:46:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SERVER, argv[0]);
data/freetds-1.2.3/src/dblib/unittests/t0013.c:124:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(objname, TABLE_NAME ".PigTure");
data/freetds-1.2.3/src/dblib/unittests/t0016.c:18:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/freetds-1.2.3/src/dblib/unittests/t0016.c:65:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_file, INFILE_NAME);
data/freetds-1.2.3/src/dblib/unittests/t0016.c:68:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(in_file, "%s_%d", INFILE_NAME, n);
data/freetds-1.2.3/src/dblib/unittests/t0016.c:117:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(in_file, "%s.in", fn);
data/freetds-1.2.3/src/odbc/connectparams.c:504:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s=%.*s;", odbc_param_names[n], (int) params[n].len, params[n].p);
data/freetds-1.2.3/src/odbc/error.c:434:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(errs->errs[n].state3, errs->errs[n].state2);
data/freetds-1.2.3/src/odbc/error.c:445:49: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define SQLS_MAP(v2,v3) if (strcmp(p,v2) == 0) {strcpy(p,v3); return;}
data/freetds-1.2.3/src/odbc/odbc.c:304:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "SET TRANSACTION ISOLATION LEVEL %s", level);
data/freetds-1.2.3/src/odbc/odbc.c:6065:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(sql, sql_templ, odbc_swap_datetime_sql_type(fSqlType, 0));
data/freetds-1.2.3/src/odbc/odbc.c:6068:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(sql, sql_templ, fSqlType);
data/freetds-1.2.3/src/odbc/odbc.c:6076:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(sql, sql_templ, odbc_swap_datetime_sql_type(fSqlType, 2));
data/freetds-1.2.3/src/odbc/odbc.c:7366:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, begin);
data/freetds-1.2.3/src/odbc/unittests/array.c:70:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_err, C(err));
data/freetds-1.2.3/src/odbc/unittests/array.c:71:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_sqlstate, C(state));
data/freetds-1.2.3/src/odbc/unittests/array.c:188:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(failure ? "Failed :(\n" : "Success!\n");
data/freetds-1.2.3/src/odbc/unittests/attributes.c:21:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, ap);
data/freetds-1.2.3/src/odbc/unittests/blob1.c:263:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strchr(sql, 0), ",f%u %s", t->num, t->db_type);
data/freetds-1.2.3/src/odbc/unittests/c2string.c:80:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s, "%" PRId64, IN.bi);
data/freetds-1.2.3/src/odbc/unittests/common.c:53:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, file);
data/freetds-1.2.3/src/odbc/unittests/common.c:71:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s=%s", name, value);
data/freetds-1.2.3/src/odbc/unittests/common.c:127:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_user, s2);
data/freetds-1.2.3/src/odbc/unittests/common.c:129:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_server, s2);
data/freetds-1.2.3/src/odbc/unittests/common.c:131:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_password, s2);
data/freetds-1.2.3/src/odbc/unittests/common.c:133:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_database, s2);
data/freetds-1.2.3/src/odbc/unittests/common.c:149:55: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ( (int)unixspec != 0 && (int)unixspec != -1 ) strcpy(path, unixspec);
data/freetds-1.2.3/src/odbc/unittests/common.c:166:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_driver, path);
data/freetds-1.2.3/src/odbc/unittests/common.c:301:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "use %s", odbc_database);
data/freetds-1.2.3/src/odbc/unittests/common.c:500:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(db_str_version, C(buf));
data/freetds-1.2.3/src/odbc/unittests/common.c:671:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_err, C(err));
data/freetds-1.2.3/src/odbc/unittests/common.c:672:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_sqlstate, C(state));
data/freetds-1.2.3/src/odbc/unittests/compute.c:28:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "line %d: wrong name in column %d expected '%s' got '%s'", \
data/freetds-1.2.3/src/odbc/unittests/connect.c:79:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "DSN=%s;UID=%s;PWD=%s;DATABASE=%s;", odbc_server, odbc_user, odbc_password, odbc_database);
data/freetds-1.2.3/src/odbc/unittests/connect.c:90:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "DRIVER=FreeTDS;SERVERNAME=%s;UID=%s;PWD=%s;DATABASE=%s;", odbc_server, odbc_user, odbc_password, odbc_database);
data/freetds-1.2.3/src/odbc/unittests/connect.c:104:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "DRIVER=%s;SERVERNAME=%s;UID=%s;PWD=%s;DATABASE=%s;", odbc_driver, odbc_server, odbc_user, odbc_password, odbc_database);
data/freetds-1.2.3/src/odbc/unittests/connect.c:117:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "DRIVER=FreeTDS;SERVER=%s;UID=%s;PWD=%s;DATABASE=%s;", entry, odbc_user, odbc_password, odbc_database);
data/freetds-1.2.3/src/odbc/unittests/connect.c:119:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strchr(tmp, 0), "TDS_Version=%s;", entry);
data/freetds-1.2.3/src/odbc/unittests/connect.c:121:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strchr(tmp, 0), "Port=%s;", entry);
data/freetds-1.2.3/src/odbc/unittests/connect.c:143:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "DSN=%s;UID=%s;PWD=%s;DATABASE=%s;APP=%s", odbc_server, odbc_user, odbc_password, odbc_database, app_name);
data/freetds-1.2.3/src/odbc/unittests/connect2.c:49:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sql, "IF DB_NAME() <> '%s' SELECT 1", dbname);
data/freetds-1.2.3/src/odbc/unittests/connect2.c:99:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "DSN=%s;UID=%s;PWD=%s;DATABASE=%s;", odbc_server, odbc_user, odbc_password, odbc_database);
data/freetds-1.2.3/src/odbc/unittests/connect2.c:108:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "DSN=%s;UID=%s;PWD=%s;", odbc_server, odbc_user, odbc_password);
data/freetds-1.2.3/src/odbc/unittests/convert_error.c:24:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sql, "insert into #test_output values (%s, %s)", bind1, bind2);
data/freetds-1.2.3/src/odbc/unittests/cursor1.c:31:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(sql_buf, insert_sql, data, i);
data/freetds-1.2.3/src/odbc/unittests/data.c:35:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "SELECT CONVERT(%s, '%s') AS data", type, value_to_convert);
data/freetds-1.2.3/src/odbc/unittests/data.c:38:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "SELECT CONVERT(%s, %s) COLLATE Latin1_General_CI_AS AS data", type, value_to_convert);
data/freetds-1.2.3/src/odbc/unittests/data.c:40:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "SELECT CONVERT(%s, %s)", type, value_to_convert);
data/freetds-1.2.3/src/odbc/unittests/data.c:42:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "SELECT CONVERT(SQL_VARIANT, %s) AS data", value_to_convert);
data/freetds-1.2.3/src/odbc/unittests/data.c:44:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "SELECT CONVERT(%s, %s) AS data", type, value_to_convert);
data/freetds-1.2.3/src/odbc/unittests/freeclose.c:342:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "DRIVER={SQL Server};SERVER=127.0.0.1,%d;UID=%s;PWD=%s;DATABASE=%s;Network=DBMSSOCN;", port, odbc_user, odbc_password, odbc_database);
data/freetds-1.2.3/src/odbc/unittests/funccall.c:226:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sql, "{call [%s]..TMP_SP_Test_ODBC(?)}", C(out));
data/freetds-1.2.3/src/odbc/unittests/genparams.c:48:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "CREATE PROC spTestProc @i %s OUTPUT AS SELECT @i = CONVERT(%s, %s%s%s)", type, type, sep, value_to_convert, sep);
data/freetds-1.2.3/src/odbc/unittests/genparams.c:126:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "SELECT CONVERT(%s, %s%.*s%s)", type, sep, (int) value_len, value_to_convert, sep);
data/freetds-1.2.3/src/odbc/unittests/genparams.c:139:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "CREATE TABLE #tmp_insert (col %s)", param_type);
data/freetds-1.2.3/src/odbc/unittests/genparams.c:179:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "SELECT * FROM #tmp_insert WHERE CONVERT(VARCHAR(255), col) = CONVERT(VARCHAR(255), %s%s%s)", sep, expected, sep);
data/freetds-1.2.3/src/odbc/unittests/genparams.c:181:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "SELECT * FROM #tmp_insert WHERE CONVERT(NVARCHAR(2000), col) = CONVERT(NVARCHAR(2000), %s%s%s)", sep, expected, sep);
data/freetds-1.2.3/src/odbc/unittests/genparams.c:183:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "SELECT * FROM #tmp_insert WHERE CONVERT(VARBINARY(255), col) = CONVERT(VARBINARY(255), %s%s%s)", sep, expected, sep);
data/freetds-1.2.3/src/odbc/unittests/genparams.c:185:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "SELECT * FROM #tmp_insert WHERE col = CONVERT(%s, %s%s%s)", param_type, sep, expected, sep);
data/freetds-1.2.3/src/odbc/unittests/genparams.c:208:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "CREATE TABLE #tmp_insert (col %s NULL)", param_type);
data/freetds-1.2.3/src/odbc/unittests/getdata.c:15:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sql, "SELECT '%s'", data);
data/freetds-1.2.3/src/odbc/unittests/getdata.c:66:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sql, "SELECT CONVERT(%sTEXT,'Prova' + REPLICATE('x',500))", n_flag);
data/freetds-1.2.3/src/odbc/unittests/getdata.c:108:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sql, "SELECT CONVERT(%sVARCHAR(100), 'Other test')", n_flag);
data/freetds-1.2.3/src/odbc/unittests/mars1.c:71:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "insert into #mars1 values(%d, '%s')", i, buf);
data/freetds-1.2.3/src/odbc/unittests/parser.c:19:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, ap);
data/freetds-1.2.3/src/odbc/unittests/qn.c:110:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(message, buf);
data/freetds-1.2.3/src/odbc/unittests/raiserror.c:269:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(sql, create_proc, nocount ? " SET NOCOUNT ON\n" : "",
data/freetds-1.2.3/src/odbc/unittests/rebindpar.c:26:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sql, "SELECT 1 FROM #tmp1 WHERE c = '%s'", buf);
data/freetds-1.2.3/src/odbc/unittests/rowset.c:61:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sql, "INSERT INTO #rowset(n,c) VALUES(%d,'%s')", i+1, s);
data/freetds-1.2.3/src/odbc/unittests/rpc.c:39:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "if exists (select 1 from sysobjects where name = '%s' and type = 'P') "
data/freetds-1.2.3/src/odbc/unittests/rpc.c:45:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cmd, procedure_sql, name);
data/freetds-1.2.3/src/odbc/unittests/rpc.c:108:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(call_cmd, "{?=call %s(?,?,?,?,?)}", name );
data/freetds-1.2.3/src/odbc/unittests/rpc.c:211:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(drop_proc, proc_name);
data/freetds-1.2.3/src/odbc/unittests/stats.c:32:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sql, "CREATE PROC stat_proc(@t %s) AS RETURN 0", type);
data/freetds-1.2.3/src/odbc/unittests/stats.c:58:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sql, "CREATE TABLE stat_t(t %s)", type);
data/freetds-1.2.3/src/odbc/unittests/tables.c:29:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "wrong name in column %d expected '%s' got '%s'", index, expected_name, C(name)); \
data/freetds-1.2.3/src/odbc/unittests/tables.c:63:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(table_buf, table);
data/freetds-1.2.3/src/odbc/unittests/tables.c:143:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(type, "'%s'", expected_type);
data/freetds-1.2.3/src/odbc/unittests/tables.c:150:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(type, "TABLE,'%s'", expected_type);
data/freetds-1.2.3/src/odbc/unittests/tables.c:162:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(type, "'%s'", expected_type);
data/freetds-1.2.3/src/odbc/unittests/testodbc.c:14:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define AB_FUNCT(x) do { printf x; printf("\n"); } while(0)
data/freetds-1.2.3/src/odbc/unittests/testodbc.c:15:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define AB_PRINT(x) do { printf x; printf("\n"); } while(0)
data/freetds-1.2.3/src/odbc/unittests/testodbc.c:20:47: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define AB_ERROR(x) do { printf("ERROR: "); printf x; printf("\n"); } while(0)
data/freetds-1.2.3/src/odbc/unittests/transaction.c:21:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(createProcedure,
data/freetds-1.2.3/src/odbc/unittests/transaction2.c:16:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_err, C(err));
data/freetds-1.2.3/src/odbc/unittests/transaction2.c:17:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_sqlstate, C(state));
data/freetds-1.2.3/src/odbc/unittests/transaction4.c:37:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_err, C(err));
data/freetds-1.2.3/src/odbc/unittests/transaction4.c:38:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(odbc_sqlstate, C(state));
data/freetds-1.2.3/src/odbc/unittests/typeinfo.c:15:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "wrong name in column %d expected '%s' got '%s'", index, expected_name, C(name)); \
data/freetds-1.2.3/src/odbc/unittests/utf8.c:39:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "DELETE FROM %s", table_name);
data/freetds-1.2.3/src/odbc/unittests/utf8.c:43:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "INSERT INTO %s VALUES(?,?,?)", table_name);
data/freetds-1.2.3/src/odbc/unittests/utf8.c:68:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "IF NOT EXISTS(SELECT * FROM %s WHERE k = %d AND c = %s AND vc = %s) SELECT 1", table_name, (int) n, p[0], p[1]);
data/freetds-1.2.3/src/odbc/unittests/utf8.c:102:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "IF OBJECT_ID(N'%s') IS NOT NULL DROP TABLE %s", table_name, table_name);
data/freetds-1.2.3/src/odbc/unittests/utf8.c:104:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "CREATE TABLE %s (k int, c NCHAR(10), vc NVARCHAR(10))", table_name);
data/freetds-1.2.3/src/odbc/unittests/utf8.c:109:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "INSERT INTO %s VALUES (%d,N'%s',N'%s')", table_name, (int) n, p[0], p[1]);
data/freetds-1.2.3/src/odbc/unittests/utf8.c:115:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "IF NOT EXISTS(SELECT * FROM %s WHERE k = %d AND c = %s AND vc = %s) SELECT 1", table_name, (int) n, p[0], p[1]);
data/freetds-1.2.3/src/odbc/unittests/utf8.c:124:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "IF OBJECT_ID(N'%s') IS NOT NULL DROP TABLE %s", table_name, table_name);
data/freetds-1.2.3/src/odbc/unittests/utf8_2.c:70:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "INSERT INTO #tmp(i, %s) VALUES(%d, CAST(%s AS NVARCHAR(20)))",
data/freetds-1.2.3/src/odbc/winsetup.c:130:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(build, str);
data/freetds-1.2.3/src/odbc/winsetup.c:404:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lpszMsg, msg);
data/freetds-1.2.3/src/pool/user.c:412:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "Changed database context to '%s'.", database);
data/freetds-1.2.3/src/replacements/readpassphrase.c:218:1: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
getpass(const char *prompt)
data/freetds-1.2.3/src/replacements/unittests/strtok_r.c:44:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c1, s);
data/freetds-1.2.3/src/replacements/unittests/strtok_r.c:45:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c2, s);
data/freetds-1.2.3/src/replacements/vasprintf.c:37:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#undef vsnprintf
data/freetds-1.2.3/src/replacements/vasprintf.c:39:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/freetds-1.2.3/src/replacements/vasprintf.c:56:4: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(*ret, fmt, ap);
data/freetds-1.2.3/src/replacements/vasprintf.c:77:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(buf, buflen, fmt, ap);
data/freetds-1.2.3/src/replacements/vasprintf.c:107:50: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# error Win32 do not have /dev/null, should use vsnprintf version
data/freetds-1.2.3/src/replacements/vasprintf.c:117:8: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
len = vfprintf(fp, fmt, ap);
data/freetds-1.2.3/src/replacements/vasprintf.c:130:6: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
if (vsprintf(buf, fmt, ap) != len)
data/freetds-1.2.3/src/tds/bulk.c:240:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, clause->pb);
data/freetds-1.2.3/src/tds/bulk.c:253:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(clause->pb, column_type);
data/freetds-1.2.3/src/tds/config.c:1100:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pathname, dir);
data/freetds-1.2.3/src/tds/config.c:1101:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pathname, TDS_SDIR_SEPARATOR);
data/freetds-1.2.3/src/tds/config.c:1103:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pathname, file);
data/freetds-1.2.3/src/tds/config.c:1145:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_ver, field);
data/freetds-1.2.3/src/tds/config.c:1147:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_ip, field);
data/freetds-1.2.3/src/tds/config.c:1150:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_port, field);
data/freetds-1.2.3/src/tds/convert.c:722:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_str, "%" PRId64, buf);
data/freetds-1.2.3/src/tds/convert.c:800:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_str, "%" PRIu64, buf);
data/freetds-1.2.3/src/tds/convert.c:2063:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(last_token, tok);
data/freetds-1.2.3/src/tds/convert.c:3003:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(our_format, format);
data/freetds-1.2.3/src/tds/convert.c:3022:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pz + prec, format + (pz - our_format) + 2);
data/freetds-1.2.3/src/tds/convert.c:3024:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pz - 1, format + (pz - our_format) + 2);
data/freetds-1.2.3/src/tds/getmac.c:64:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, IFR->ifr_name);
data/freetds-1.2.3/src/tds/log.c:234:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
pbuf += sprintf(pbuf, " (%s:%d)", fname, line);
data/freetds-1.2.3/src/tds/log.c:236:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
pbuf += sprintf(pbuf, "%s:%d", fname, line);
data/freetds-1.2.3/src/tds/log.c:387:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(dumpfile, fmt, ap);
data/freetds-1.2.3/src/tds/query.c:807:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(out, fmt, curcol->column_prec, curcol->column_scale);
data/freetds-1.2.3/src/tds/query.c:884:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(out, fmt, size > 0 ? MIN(size, max_len) : 1u);
data/freetds-1.2.3/src/tds/query.c:3426:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "SET ANSI_NULLS %s", param->ti ? "ON" : "OFF");
data/freetds-1.2.3/src/tds/query.c:3441:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "SET IMPLICIT_TRANSACTIONS %s", param->ti ? "ON" : "OFF");
data/freetds-1.2.3/src/tds/query.c:3444:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "SET CURSOR_CLOSE_ON_COMMIT %s", param->ti ? "ON" : "OFF");
data/freetds-1.2.3/src/tds/query.c:3447:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "SET NOCOUNT %s", param->ti ? "ON" : "OFF");
data/freetds-1.2.3/src/tds/query.c:3450:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "SET QUOTED_IDENTIFIER %s", param->ti ? "ON" : "OFF");
data/freetds-1.2.3/src/tds/query.c:3453:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "SET ANSI_WARNINGS %s", param->ti ? "OFF" : "ON");
data/freetds-1.2.3/src/tds/query.c:3467:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "SET DATEFORMAT %s", datefmt);
data/freetds-1.2.3/src/tds/unittests/collations.c:100:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sql, "SELECT CAST(CAST('a' AS NVARCHAR(10)) COLLATE %s AS VARCHAR(10)) COLLATE %s", name, name);
data/freetds-1.2.3/src/tds/unittests/collations.c:127:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, curcol->char_conv->to.charset.name);
data/freetds-1.2.3/src/tds/unittests/common.c:38:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(USER, s2);
data/freetds-1.2.3/src/tds/unittests/common.c:40:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SERVER, s2);
data/freetds-1.2.3/src/tds/unittests/common.c:42:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PASSWORD, s2);
data/freetds-1.2.3/src/tds/unittests/common.c:44:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(DATABASE, s2);
data/freetds-1.2.3/src/tds/unittests/corrupt.c:53:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + (tds->out_buf_max - 8) / char_len - strlen(select_query) + 1, select_query);
data/freetds-1.2.3/src/tds/unittests/dataread.c:65:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "CREATE TABLE #tmp(a %s)", type);
data/freetds-1.2.3/src/tds/unittests/dataread.c:79:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "INSERT INTO #tmp VALUES(CONVERT(%s,'%s'))", type, value);
data/freetds-1.2.3/src/tds/unittests/t0004.c:50:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(strchr(long_query, 0), "name = '%c%s' OR ", 'A'+i, len200);
data/freetds-1.2.3/src/tds/unittests/t0005.c:53:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(large_sql, "INSERT #test_table (id, name) VALUES (0, 'A%s')", len200);
data/freetds-1.2.3/src/tds/unittests/t0005.c:58:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(large_sql, "INSERT #test_table (id, name) VALUES (1, 'B%s')", len200);
data/freetds-1.2.3/src/tds/unittests/t0005.c:63:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(large_sql, "INSERT #test_table (id, name) VALUES (2, 'C%s')", len200);
data/freetds-1.2.3/src/tds/unittests/t0007.c:107:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "len=%d %s", res, cr.c);
data/freetds-1.2.3/src/tds/unittests/t0007.c:418:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(expected, "%s.0000", *value);
data/freetds-1.2.3/src/tds/unittests/t0007.c:420:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(expected, *value);
data/freetds-1.2.3/src/tds/unittests/t0008.c:36:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, intro);
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:75:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "CREATE TABLE #tmp (i INT, t %s)", type);
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:80:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "insert into #tmp values(%d, N'%s')", i, to_utf8(*s, tmp));
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:125:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, to_utf8(strings[i], tmp));
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:206:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, japanese);
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:68:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "select convert(varchar(255), 0x%s%s%s)", prefix, tmp, suffix);
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:135:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", prefix, tmp, suffix);
data/freetds-1.2.3/src/tds/unittests/utf8_3.c:40:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "SELECT 1 AS [%s]", tmp);
data/freetds-1.2.3/src/utils/threadsafe.c:130:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, usecs);
data/freetds-1.2.3/vms/getpass.c:128:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(myprompt, "\n%s", prompt);
data/freetds-1.2.3/vms/getpass.c:266:1: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
getpass(const char *prompt)
data/freetds-1.2.3/vms/getpass.c:288:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, s);
data/freetds-1.2.3/vms/vmsarg_parse.c:141:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(command, verb);
data/freetds-1.2.3/vms/vmsarg_parse.c:142:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command, command_args);
data/freetds-1.2.3/vms/vmsarg_parse.c:186:52: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (unix_arg[i][0] != '$') strcpy(qual_template, unix_arg[i]);
data/freetds-1.2.3/vms/vmsarg_parse.c:192:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qual_template, unix_narg[i]);
data/freetds-1.2.3/vms/vmsarg_parse.c:215:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value_template, qual_template);
data/freetds-1.2.3/vms/vmsarg_parse.c:225:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newargv[arg_count], qual_template);
data/freetds-1.2.3/vms/vmsarg_parse.c:258:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(value_template, value);
data/freetds-1.2.3/vms/vmsarg_parse.c:262:41: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(value_template, separator[i]);
data/freetds-1.2.3/vms/vmsarg_parse.c:271:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newargv[arg_count], value_template);
data/freetds-1.2.3/vms/vmsarg_parse.c:293:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newargv[arg_count], value_template);
data/freetds-1.2.3/vms/vmsarg_parse.c:337:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(arg_string, arg_element);
data/freetds-1.2.3/vms/vmsarg_parse.c:363:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, keywords); /* don't muck up caller's string. */
data/freetds-1.2.3/vms/vmsarg_parse.c:392:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, keywords); /* don't screw up caller's string. */
data/freetds-1.2.3/vms/vmsarg_parse.c:399:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string, field);
data/freetds-1.2.3/vms/vmsarg_parse.c:516:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(date_1, date_2);
data/freetds-1.2.3/vms/vmsarg_parse.c:562:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
} else strcpy(hour_1, hour_2);
data/freetds-1.2.3/vms/vmsarg_parse.c:587:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(date_string, year_4);
data/freetds-1.2.3/vms/vmsarg_parse.c:592:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(date_string, year_2);
data/freetds-1.2.3/vms/vmsarg_parse.c:597:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(date_string, month_name);
data/freetds-1.2.3/vms/vmsarg_parse.c:602:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(date_string, month_2);
data/freetds-1.2.3/vms/vmsarg_parse.c:607:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(date_string, month_1);
data/freetds-1.2.3/vms/vmsarg_parse.c:612:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(date_string, date_2);
data/freetds-1.2.3/vms/vmsarg_parse.c:617:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(date_string, date_1);
data/freetds-1.2.3/vms/vmsarg_parse.c:622:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(date_string, hour_2);
data/freetds-1.2.3/vms/vmsarg_parse.c:627:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(date_string, hour_1);
data/freetds-1.2.3/vms/vmsarg_parse.c:632:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(date_string, minute);
data/freetds-1.2.3/vms/vmsarg_parse.c:638:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(date_string, second);
data/freetds-1.2.3/vms/vmsarg_parse.c:726:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outstring, instring);
data/freetds-1.2.3/vms/vmsarg_parse.c:761:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outstring, quote_string);
data/freetds-1.2.3/vms/vmsarg_parse.c:762:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outstring, instring);
data/freetds-1.2.3/vms/vmsarg_parse.c:763:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outstring, quote_string);
data/freetds-1.2.3/vms/vmsarg_parse.c:795:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(foreign_image, image_name);
data/freetds-1.2.3/vms/vmsarg_parse.c:806:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(command, verb);
data/freetds-1.2.3/vms/vmsarg_parse.c:808:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command, arg_string);
data/freetds-1.2.3/include/freetds/thread.h:155:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&mtx->crit);
data/freetds-1.2.3/include/replacements.h:165:8: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#undef getopt
data/freetds-1.2.3/include/replacements.h:167:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define getopt tds_getopt
data/freetds-1.2.3/src/apps/bsqldb.c:984:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
options->servername = getenv("DSQUERY");
data/freetds-1.2.3/src/apps/bsqldb.c:986:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "U:P:R:S:d:D:i:o:e:t:H:hqv")) != -1) {
data/freetds-1.2.3/src/apps/bsqlodbc.c:784:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "U:P:S:d:D:i:o:e:t:V:hqv")) != -1) {
data/freetds-1.2.3/src/apps/datacopy.c:214:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "b:p:tac:dS:D:T:Ev")) != -1) {
data/freetds-1.2.3/src/apps/defncopy.c:25:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, const char *argv[], char *optstring);
data/freetds-1.2.3/src/apps/defncopy.c:691:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "U:P:S:d:D:i:o:v")) != -1) {
data/freetds-1.2.3/src/apps/fisql/fisql.c:519:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
editor = getenv("EDITOR");
data/freetds-1.2.3/src/apps/fisql/fisql.c:521:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
editor = getenv("VISUAL");
data/freetds-1.2.3/src/apps/fisql/fisql.c:529:25: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (!errflg && (c = getopt(argc, argv, "eFgpnvXYa:c:D:E:h:H:i:I:J:l:m:o:P:s:S:t:U:w:y:z:A:"))
data/freetds-1.2.3/src/apps/freebcp.c:101:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("FREEBCP")) {
data/freetds-1.2.3/src/apps/freebcp.c:216:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "m:f:e:F:L:b:t:r:U:P:i:I:S:h:T:A:o:O:0:C:ncEdvVD:")) != -1) {
data/freetds-1.2.3/src/apps/freebcp.c:330:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((pdata->server = getenv("DSQUERY")) != NULL) {
data/freetds-1.2.3/src/apps/tsql.c:375:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "fhLqtv")) != -1) {
data/freetds-1.2.3/src/apps/tsql.c:441:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "a:H:S:I:J:P:U:p:Co:t:r:D:Lv")) != -1) {
data/freetds-1.2.3/src/apps/tsql.c:531:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *filename = getenv("TDSDUMP");
data/freetds-1.2.3/src/ctlib/unittests/common.c:83:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s1 = getenv("TDSPWDFILE");
data/freetds-1.2.3/src/ctlib/unittests/common.c:128:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "U:P:S:D:f:m:v")) != -1) {
data/freetds-1.2.3/src/dblib/bcp.c:896:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
bcpdatefmt = getenv("FREEBCP_DATEFMT");
data/freetds-1.2.3/src/dblib/dblib.c:1189:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *tdsdump = getenv("TDSDUMP");
data/freetds-1.2.3/src/dblib/dblib.c:1201:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((server = getenv("TDSQUERY")) == NULL)
data/freetds-1.2.3/src/dblib/dblib.c:1202:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((server = getenv("DSQUERY")) == NULL)
data/freetds-1.2.3/src/dblib/unittests/bcp.c:268:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("BCP")) != NULL && 0 == strcmp(s, "nodrop")) {
data/freetds-1.2.3/src/dblib/unittests/common.c:153:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, (char**)argv, "U:P:S:D:f:v")) != -1) {
data/freetds-1.2.3/src/dblib/unittests/common.c:187:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s1 = getenv("TDSPWDFILE");
data/freetds-1.2.3/src/odbc/connectparams.c:604:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv("ODBCINI")) != NULL)
data/freetds-1.2.3/src/odbc/unittests/bcp.c:276:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("BCP")) != NULL && 0 == strcmp(s, "nodrop")) {
data/freetds-1.2.3/src/odbc/unittests/common.c:109:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s1 = getenv("TDSPWDFILE");
data/freetds-1.2.3/src/odbc/unittests/common.c:168:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s1 = getenv("TDSINIOVERRIDE");
data/freetds-1.2.3/src/odbc/unittests/common.c:279:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
p = getenv("ODBC_MARS");
data/freetds-1.2.3/src/odbc/unittests/common.c:565:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *p = getenv("TDS_SKIP_SUCCESS");
data/freetds-1.2.3/src/pool/main.c:254:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tdsdump_open(getenv("TDSDUMP"));
data/freetds-1.2.3/src/pool/main.c:415:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "l:c:" DAEMON_OPT)) != -1) {
data/freetds-1.2.3/src/replacements/getopt.c:54:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
__weak_alias(getopt,_getopt)
data/freetds-1.2.3/src/tds/config.c:155:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s = getenv("TDSDUMPCONFIG");
data/freetds-1.2.3/src/tds/config.c:358:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = getenv("FREETDSCONF");
data/freetds-1.2.3/src/tds/config.c:368:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
eptr = getenv("FREETDS");
data/freetds-1.2.3/src/tds/config.c:816:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *s = getenv("TDSDUMP");
data/freetds-1.2.3/src/tds/config.c:842:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("TDSPORT"))) {
data/freetds-1.2.3/src/tds/config.c:854:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((tdsver = getenv("TDSVER"))) {
data/freetds-1.2.3/src/tds/config.c:870:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(tdshost = getenv("TDSHOST")))
data/freetds-1.2.3/src/tds/config.c:1198:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
server = getenv("TDSQUERY");
data/freetds-1.2.3/src/tds/config.c:1231:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *sybase = getenv("SYBASE");
data/freetds-1.2.3/src/tds/config.c:1270:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((env_port = getenv("TDSPORT")) != NULL) {
data/freetds-1.2.3/src/tds/locale.c:70:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s = getenv("LANG");
data/freetds-1.2.3/src/tds/login.c:138:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
server = getenv(names[i]);
data/freetds-1.2.3/src/tds/login.c:698:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *lservname = getenv("ASA_DATABASE")? getenv("ASA_DATABASE") : tds_dstr_cstr(&login->server_name);
data/freetds-1.2.3/src/tds/login.c:698:50: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *lservname = getenv("ASA_DATABASE")? getenv("ASA_DATABASE") : tds_dstr_cstr(&login->server_name);
data/freetds-1.2.3/src/tds/mem.c:1006:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s=getenv("DSQUERY")) != NULL)
data/freetds-1.2.3/src/tds/mem.c:1009:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s=getenv("TDSQUERY")) != NULL)
data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h:246:69: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
oaep_encrypt(size_t key_size, void *random_ctx, nettle_random_func *random,
data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h:269:2: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random(random_ctx, hash_len, em.ros);
data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h:286:90: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rsa_encrypt_oaep(const struct rsa_public_key *key, void *random_ctx, nettle_random_func *random,
data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h:289:43: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!oaep_encrypt(key->size, random_ctx, random, length, message, gibberish))
data/freetds-1.2.3/src/tds/sspi.c:84:13: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
secdll = LoadLibrary(TEXT("secur32.dll"));
data/freetds-1.2.3/src/tds/unittests/charconv.c:318:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tdsdump = getenv("TDSDUMP");
data/freetds-1.2.3/src/tds/unittests/common.c:21:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s1 = getenv("TDSPWDFILE");
data/freetds-1.2.3/src/tds/unittests/freeze.c:470:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tdsdump_open(getenv("TDSDUMP"));
data/freetds-1.2.3/src/tds/unittests/iconv_fread.c:49:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tdsdump = getenv("TDSDUMP");
data/freetds-1.2.3/src/tds/unittests/parsing.c:70:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tdsdump_open(getenv("TDSDUMP"));
data/freetds-1.2.3/src/utils/tds_cond.c:104:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&mtx->crit);
data/freetds-1.2.3/src/utils/threadsafe.c:293:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/freetds-1.2.3/src/utils/win_mutex.c:45:4: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&mutex->crit);
data/freetds-1.2.3/src/utils/win_mutex.c:50:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&mutex->crit);
data/freetds-1.2.3/src/utils/win_mutex.c:62:4: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&mutex->crit);
data/freetds-1.2.3/include/cstypes.h:72:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char array[CS_MAX_NUMLEN];
data/freetds-1.2.3/include/dblib.h:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbcurdb[DBMAXNAME + 1];
data/freetds-1.2.3/include/dblib.h:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char servcharset[DBMAXNAME + 1];
data/freetds-1.2.3/include/freetds/charset_lookup.h:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str15[sizeof("L1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str16[sizeof("L8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str17[sizeof("L5")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:128:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str27[sizeof("L6")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:129:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str28[sizeof("SJIS")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:130:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str30[sizeof("koi8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str31[sizeof("sjis")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str35[sizeof("R8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str36[sizeof("iso81")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:134:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str38[sizeof("iso88")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str39[sizeof("iso15")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str40[sizeof("iso85")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str41[sizeof("thai8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:138:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str42[sizeof("iso89")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str43[sizeof("roma8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str44[sizeof("L4")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str45[sizeof("utf8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str46[sizeof("866")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str47[sizeof("iso815")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str48[sizeof("big5")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str50[sizeof("roman8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str56[sizeof("L2")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str57[sizeof("646")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str60[sizeof("iso86")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str63[sizeof("iso88591")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str65[sizeof("iso88598")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str66[sizeof("iso_1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str67[sizeof("iso88595")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str69[sizeof("iso88599")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:154:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str70[sizeof("greek8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str71[sizeof("ISO8859-1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str72[sizeof("L7")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str73[sizeof("ISO8859-8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str74[sizeof("iso885915")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:159:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str75[sizeof("ISO8859-5")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:160:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str77[sizeof("ISO8859-9")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str79[sizeof("ISO-8859-1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str81[sizeof("ISO-8859-8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:163:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str82[sizeof("ISO8859-15")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str83[sizeof("ISO-8859-5")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str85[sizeof("ISO-8859-9")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:166:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str87[sizeof("iso88596")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str89[sizeof("ISO-IR-58")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str90[sizeof("ISO-8859-15")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str91[sizeof("JAVA")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str92[sizeof("L3")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str93[sizeof("iso14")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:172:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str94[sizeof("iso84")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:173:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str95[sizeof("ISO8859-6")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str100[sizeof("ISO-IR-159")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:175:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str101[sizeof("ISO-IR-199")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:176:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str102[sizeof("ISO-IR-6")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:177:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str103[sizeof("ISO-8859-6")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:178:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str104[sizeof("862")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:179:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str105[sizeof("HZ")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:180:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str107[sizeof("iso646")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:181:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str108[sizeof("ISO-IR-165")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str109[sizeof("ISO_8859-1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str110[sizeof("ISO-8859-16")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str111[sizeof("ISO_8859-8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str113[sizeof("ISO_8859-5")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:186:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str115[sizeof("ISO_8859-9")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:187:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str116[sizeof("JP")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str118[sizeof("iso82")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:189:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str120[sizeof("ISO_8859-15")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str121[sizeof("iso88594")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str122[sizeof("850")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str123[sizeof("ISO-IR-148")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str124[sizeof("ISO_8859-15:1998")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str127[sizeof("ISO-IR-149")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str128[sizeof("ISO-IR-166")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:196:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str129[sizeof("ISO8859-4")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:197:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str133[sizeof("ISO_8859-6")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str135[sizeof("iso10")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str136[sizeof("CN")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:200:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str137[sizeof("ISO-8859-4")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str140[sizeof("ISO_8859-16")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str141[sizeof("KOREAN")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:203:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str142[sizeof("ISO-IR-101")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str143[sizeof("ISO-IR-14")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str144[sizeof("ISO-8859-14")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str145[sizeof("iso88592")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:207:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str146[sizeof("KOI8-R")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str148[sizeof("ISO-IR-109")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:209:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str149[sizeof("C99")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:210:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str150[sizeof("iso87")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str151[sizeof("ISO_8859-14:1998")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str152[sizeof("LATIN1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str153[sizeof("ISO8859-2")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str154[sizeof("LATIN8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:215:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str155[sizeof("ISO-IR-179")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str156[sizeof("LATIN5")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str157[sizeof("ISO-IR-126")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:218:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str158[sizeof("ASCII")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:219:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str161[sizeof("ISO-8859-2")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:220:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str164[sizeof("CP819")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:221:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str167[sizeof("ISO_8859-4")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str170[sizeof("TCVN")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str171[sizeof("ISO-IR-138")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:224:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str173[sizeof("hp15CN")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:225:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str174[sizeof("ISO_8859-14")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str176[sizeof("LATIN6")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:227:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str177[sizeof("iso88597")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str178[sizeof("ISO8859-10")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str179[sizeof("ISO-IR-144")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:230:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str183[sizeof("ISO_8859-16:2000")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:231:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str185[sizeof("ISO8859-7")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:232:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str186[sizeof("ISO-8859-10")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:233:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str189[sizeof("iso13")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:234:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str190[sizeof("iso83")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str191[sizeof("ISO_8859-2")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:236:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str192[sizeof("ISO-IR-110")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str193[sizeof("ISO-8859-7")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:238:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str194[sizeof("CP866")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:239:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str195[sizeof("CP949")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:240:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str196[sizeof("tis620")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:241:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str197[sizeof("VISCII")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:242:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str198[sizeof("ISO-IR-226")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str199[sizeof("US")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:244:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str200[sizeof("ISO-IR-87")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str201[sizeof("ISO-IR-57")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:246:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str202[sizeof("IBM819")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:247:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str203[sizeof("macthai")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:248:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str204[sizeof("MS-ANSI")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:249:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str205[sizeof("macturk")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:250:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str207[sizeof("CP1251")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str208[sizeof("ISO-IR-157")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str209[sizeof("CP1258")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:253:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str210[sizeof("LATIN4")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:254:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str211[sizeof("CP1255")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:255:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str212[sizeof("ISO_8859-10:1992")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:256:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str213[sizeof("cp866")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:257:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str214[sizeof("cp949")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:258:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str216[sizeof("ISO_8859-10")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:259:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str217[sizeof("iso88593")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:260:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str218[sizeof("ROMAN8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:261:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str219[sizeof("CHINESE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:262:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str220[sizeof("JIS0208")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str223[sizeof("ISO_8859-7")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:264:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str225[sizeof("macgreek")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str226[sizeof("cp1251")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:266:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str227[sizeof("ascii_8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:267:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str228[sizeof("cp1258")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:268:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str229[sizeof("ECMA-118")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:269:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str230[sizeof("cp1255")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str231[sizeof("CP1256")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:271:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str232[sizeof("IBM866")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:272:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str233[sizeof("ISO-8859-3")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:273:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str234[sizeof("LATIN2")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str235[sizeof("BIG5")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:275:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str236[sizeof("MULELAO-1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str237[sizeof("MS-EE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str239[sizeof("ISO646-CN")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:278:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str240[sizeof("ISO-8859-13")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:279:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str242[sizeof("ISO-IR-100")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:280:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str243[sizeof("BIG-5")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:281:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str247[sizeof("ISO-IR-127")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:282:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str248[sizeof("GREEK8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:283:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str250[sizeof("cp1256")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str252[sizeof("CP862")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str253[sizeof("CP1361")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:286:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str255[sizeof("GBK")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str258[sizeof("ELOT_928")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:288:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str260[sizeof("CP850")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:289:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str261[sizeof("CP936")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:290:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str262[sizeof("CP950")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:291:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str263[sizeof("ISO_8859-3")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:292:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str265[sizeof("CP1254")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str266[sizeof("LATIN7")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str270[sizeof("ISO_8859-13")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str271[sizeof("cp862")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str273[sizeof("CP874")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str274[sizeof("CSKOI8R")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:298:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str275[sizeof("EUCKR")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:299:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str279[sizeof("cp850")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:300:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str280[sizeof("cp936")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:301:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str281[sizeof("cp950")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:302:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str283[sizeof("EUC-KR")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:303:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str284[sizeof("cp1254")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:304:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str285[sizeof("ECMA-114")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:305:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str288[sizeof("eucKR")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:306:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str289[sizeof("CP1252")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:307:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str290[sizeof("IBM862")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str291[sizeof("CSISO159JISX02121990")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:309:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str292[sizeof("cp874")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:310:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str293[sizeof("ISO646-JP")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:311:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str294[sizeof("CSASCII")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:312:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str295[sizeof("EUCCN")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:313:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str297[sizeof("UCS-4LE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:314:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str298[sizeof("IBM850")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:315:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str301[sizeof("GREEK")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:316:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str302[sizeof("ISO646-US")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:317:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str303[sizeof("EUC-CN")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:318:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str304[sizeof("TIS620")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:319:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str305[sizeof("mac")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:320:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str306[sizeof("LATIN3")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:321:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str307[sizeof("CP1250")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:322:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str308[sizeof("cp1252")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:323:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str309[sizeof("UCS-2LE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:324:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str310[sizeof("CSISOLATIN1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:325:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str312[sizeof("TIS-620")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:326:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str313[sizeof("TCVN5712-1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:327:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str314[sizeof("CSISOLATIN5")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:328:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str318[sizeof("GB_1988-80")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:329:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str319[sizeof("CP932")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str320[sizeof("ASMO-708")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:331:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str321[sizeof("CP1257")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:332:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str324[sizeof("KOI8-T")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:333:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str326[sizeof("cp1250")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:334:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str329[sizeof("HP-ROMAN8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:335:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str331[sizeof("MS_KANJI")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str333[sizeof("CSVISCII")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:337:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str334[sizeof("CSISOLATIN6")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:338:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str335[sizeof("KSC_5601")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str336[sizeof("SHIFT-JIS")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:340:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str337[sizeof("ISO-IR-203")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:341:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str338[sizeof("cp932")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:342:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str339[sizeof("JOHAB")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:343:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str340[sizeof("cp1257")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str342[sizeof("ARMSCII-8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:345:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str345[sizeof("ISO_646.IRV:1991")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:346:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str347[sizeof("TCVN-5712")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:347:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str349[sizeof("EUCJP")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:348:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str350[sizeof("UTF8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:349:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str351[sizeof("X0201")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str352[sizeof("GB2312")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:351:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str353[sizeof("X0208")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:352:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str354[sizeof("ISO-2022-KR")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:353:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str355[sizeof("MS-CYRL")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:354:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str356[sizeof("ISO-2022-JP-1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:355:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str357[sizeof("EUC-JP")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:356:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str358[sizeof("UTF-8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str359[sizeof("VISCII1.1-1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str360[sizeof("CP367")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:359:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str361[sizeof("CP1253")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:360:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str362[sizeof("eucJP")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str364[sizeof("mac_cyr")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:362:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str365[sizeof("US-ASCII")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str366[sizeof("SHIFT_JIS")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:364:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str368[sizeof("CSISOLATIN4")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:365:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str369[sizeof("TIS620-0")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:366:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str371[sizeof("CSBIG5")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:367:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str374[sizeof("ISO-2022-CN")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str377[sizeof("CP437")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:369:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str379[sizeof("CN-BIG5")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:370:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str380[sizeof("cp1253")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str381[sizeof("ARABIC")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:372:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str383[sizeof("X0212")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:373:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str384[sizeof("CSISO14JISC6220RO")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str387[sizeof("GB18030")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:375:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str389[sizeof("UCS-4BE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str392[sizeof("CSISOLATIN2")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str393[sizeof("GEORGIAN-PS")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:378:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str394[sizeof("KS_C_5601-1989")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:379:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str395[sizeof("CP1133")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:380:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str396[sizeof("cp437")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:381:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str397[sizeof("ISO-2022-JP-2")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str398[sizeof("IBM367")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str401[sizeof("UCS-2BE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:384:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str402[sizeof("UNICODE-1-1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:385:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str409[sizeof("JIS_C6220-1969-RO")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str411[sizeof("MS-ARAB")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:387:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str415[sizeof("IBM437")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:388:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str418[sizeof("MAC")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:389:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str422[sizeof("UTF-16LE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:390:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str428[sizeof("ISO-2022-JP")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str429[sizeof("CN-GB-ISOIR165")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:392:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str434[sizeof("WINDOWS-1251")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:393:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str435[sizeof("WINDOWS-1258")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:394:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str436[sizeof("WINDOWS-1255")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str438[sizeof("CSISOLATINARABIC")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:396:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str441[sizeof("MS-HEBR")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:397:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str444[sizeof("CYRILLIC")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:398:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str445[sizeof("JIS_C6226-1983")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:399:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str446[sizeof("WINDOWS-1256")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:400:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str448[sizeof("KS_C_5601-1987")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:401:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str450[sizeof("UHC")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:402:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str452[sizeof("BIGFIVE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:403:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str454[sizeof("CN-GB")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:404:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str455[sizeof("GEORGIAN-ACADEMY")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:405:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str460[sizeof("BIG-FIVE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:406:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str461[sizeof("CSIBM866")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:407:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str462[sizeof("UTF7")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:408:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str463[sizeof("WINDOWS-1254")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:409:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str464[sizeof("CSISOLATIN3")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:410:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str465[sizeof("UNICODE-1-1-UTF-7")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:411:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str467[sizeof("CSISO57GB1988")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:412:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str470[sizeof("UTF-7")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:413:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str472[sizeof("GB_2312-80")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:414:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str474[sizeof("CSISO2022KR")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:415:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str475[sizeof("WINDOWS-1252")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:416:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str476[sizeof("KOI8-U")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str479[sizeof("ISO_8859-8:1988")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:418:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str480[sizeof("ISO_8859-5:1988")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:419:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str483[sizeof("ISO_8859-9:1989")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:420:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str484[sizeof("WINDOWS-1250")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:421:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str485[sizeof("MACICELAND")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:422:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str486[sizeof("CSISOLATINGREEK")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:423:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str487[sizeof("ISO-2022-CN-EXT")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:424:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str488[sizeof("JIS_X0201")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:425:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str489[sizeof("JISX0201-1976")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:426:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str490[sizeof("JIS_X0208")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:427:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str491[sizeof("WINDOWS-1257")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:428:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str494[sizeof("CSISO2022CN")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:429:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str496[sizeof("MS-GREEK")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:430:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str500[sizeof("EXTENDED_UNIX_CODE_PACKED_FORMAT_FOR_JAPANESE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:431:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str503[sizeof("KOI8-RU")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:432:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str504[sizeof("TIS620.2529-1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str505[sizeof("MACROMAN")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:434:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str506[sizeof("WINDOWS-874")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:435:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str507[sizeof("ISO_8859-4:1988")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:436:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str509[sizeof("CSKSC56011987")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:437:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str511[sizeof("WINDOWS-1253")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:438:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str514[sizeof("UTF-16BE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:439:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str515[sizeof("CSISO87JISX0208")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:440:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str516[sizeof("CSISO2022JP2")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:441:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str520[sizeof("JIS_X0212")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:442:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str521[sizeof("MACROMANIA")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:443:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str522[sizeof("CSUNICODE11")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:444:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str523[sizeof("MACTHAI")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:445:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str528[sizeof("UTF-32LE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:446:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str531[sizeof("CSHPROMAN8")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:447:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str534[sizeof("ISO_8859-1:1987")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:448:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str541[sizeof("BIG5HKSCS")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:449:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str546[sizeof("ISO_8859-6:1987")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:450:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str547[sizeof("JIS_X0212-1990")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:451:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str548[sizeof("CSISO2022JP")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:452:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str549[sizeof("BIG5-HKSCS")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:453:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str553[sizeof("CSSHIFTJIS")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:454:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str555[sizeof("ISO_8859-3:1988")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:455:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str557[sizeof("JIS_X0208-1990")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:456:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str560[sizeof("CSISOLATINHEBREW")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:457:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str561[sizeof("CSISOLATINCYRILLIC")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:458:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str563[sizeof("ISO-CELTIC")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:459:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str564[sizeof("HZ-GB-2312")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:460:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str571[sizeof("ANSI_X3.4-1968")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:461:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str572[sizeof("HEBREW")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:462:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str575[sizeof("ISO_8859-2:1987")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:463:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str577[sizeof("CSISO58GB231280")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:464:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str581[sizeof("CSGB2312")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:465:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str582[sizeof("ANSI_X3.4-1986")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:466:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str583[sizeof("CSUNICODE11UTF7")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:467:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str584[sizeof("JIS_X0208-1983")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:468:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str591[sizeof("ISO_8859-7:1987")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:469:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str594[sizeof("EUCTW")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:470:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str596[sizeof("CSEUCKR")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:471:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str602[sizeof("EUC-TW")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:472:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str605[sizeof("MACCROATIAN")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str607[sizeof("eucTW")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:474:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str614[sizeof("TIS620.2533-1")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:475:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str617[sizeof("MACGREEK")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:476:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str620[sizeof("UTF-32BE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:477:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str625[sizeof("MACINTOSH")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:478:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str637[sizeof("UNICODELITTLE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:479:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str641[sizeof("MS-TURK")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:480:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str645[sizeof("MACUKRAINE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:481:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str651[sizeof("IBM-CP1133")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:482:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str658[sizeof("MACCENTRALEUROPE")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:483:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str663[sizeof("NEXTSTEP")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:484:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str664[sizeof("TIS620.2533-0")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:485:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str674[sizeof("JIS_X0212.1990-0")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:486:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str697[sizeof("MACARABIC")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:487:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str706[sizeof("UNICODEBIG")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:488:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str723[sizeof("CSPC862LATINHEBREW")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str748[sizeof("MACCYRILLIC")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:490:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str756[sizeof("WINBALTRIM")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:491:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str758[sizeof("TCVN5712-1:1993")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:492:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str762[sizeof("CSMACINTOSH")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:493:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str788[sizeof("CSHALFWIDTHKATAKANA")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:494:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str884[sizeof("MACHEBREW")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:495:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str899[sizeof("MACTURKISH")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:496:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str905[sizeof("CSPC850MULTILINGUAL")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:497:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str915[sizeof("CSEUCTW")];
data/freetds-1.2.3/include/freetds/charset_lookup.h:498:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stringpool_str1079[sizeof("CSEUCPKDFMTJAPANESE")];
data/freetds-1.2.3/include/freetds/odbc.h:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state2[6];
data/freetds-1.2.3/include/freetds/odbc.h:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state3[6];
data/freetds-1.2.3/include/freetds/odbc.h:603:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mb[1];
data/freetds-1.2.3/include/freetds/odbc.h:702:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buf[256];
data/freetds-1.2.3/include/freetds/proto.h:29:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char array[33];
data/freetds-1.2.3/include/freetds/sysdep_private.h:113:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#undef open
data/freetds-1.2.3/include/freetds/sysdep_private.h:114:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open(fn,...) _open(fn,__VA_ARGS__)
data/freetds-1.2.3/include/freetds/tds.h:379:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *const tds_type_names[256];
data/freetds-1.2.3/include/freetds/tds.h:508:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char values[TDS_MAX_CAPABILITY/2-2];
data/freetds-1.2.3/include/freetds/tds.h:751:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char column_iconv_buf[9];
data/freetds-1.2.3/include/freetds/tds.h:910:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TDS_CURSOR_STATE open;
data/freetds-1.2.3/include/freetds/tds.h:988:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[30];
data/freetds-1.2.3/include/freetds/tds.h:1074:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/freetds-1.2.3/include/freetds/tds.h:1618:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void tds_getmac(TDS_SYS_SOCKET s, unsigned char mac[6]);
data/freetds-1.2.3/include/freetds/thread.h:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[0]; /* compiler compatibility */
data/freetds-1.2.3/include/freetds/thread.h:279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[0]; /* compiler compatibility */
data/freetds-1.2.3/include/freetds/thread.h:300:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[0]; /* compiler compatibility */
data/freetds-1.2.3/include/freetds/utils/hmac_md5.h:24:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void hmac_md5(const unsigned char key[16],
data/freetds-1.2.3/include/freetds/utils/string.h:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstr_s[1];
data/freetds-1.2.3/include/sybdb.h:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/freetds-1.2.3/include/sybdb.h:271:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char array[256];
data/freetds-1.2.3/include/sybdb.h:278:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char array[33];
data/freetds-1.2.3/misc/cmake_checks.c:12:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128]; int len = snprintf(buf, 128, "%d", 123);
data/freetds-1.2.3/misc/cmake_checks.c:14:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128]; int len = _snprintf(buf, 128, "%d", 123);
data/freetds-1.2.3/misc/cmake_checks.c:16:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
va_list va; char buf[128]; int len = vsnprintf(buf, 128, "%d", va);
data/freetds-1.2.3/misc/cmake_checks.c:18:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
va_list va; char buf[128]; int len = _vsnprintf(buf, 128, "%d", va);
data/freetds-1.2.3/samples/debug.c:44:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUFSIZ];
data/freetds-1.2.3/samples/debug.c:48:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen("client.out","w");
data/freetds-1.2.3/samples/dyntest.c:90:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[20];
data/freetds-1.2.3/src/apps/bsqldb.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *servername,
data/freetds-1.2.3/src/apps/bsqldb.c:183:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
options.verbose = fopen(null_device, "w");
data/freetds-1.2.3/src/apps/bsqldb.c:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query_line[4096];
data/freetds-1.2.3/src/apps/bsqldb.c:569:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
metacompute[i]->data[c].buffer = (char *) calloc(1, metacompute[i]->meta[c].width);
data/freetds-1.2.3/src/apps/bsqldb.c:654:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[256] = "%-";
data/freetds-1.2.3/src/apps/bsqldb.c:714:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parameter_string[1024];
data/freetds-1.2.3/src/apps/bsqldb.c:1057:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[128];
data/freetds-1.2.3/src/apps/bsqlodbc.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *servername,
data/freetds-1.2.3/src/apps/bsqlodbc.c:264:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
options.verbose = fopen(null_device, "w");
data/freetds-1.2.3/src/apps/bsqlodbc.c:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query_line[4096];
data/freetds-1.2.3/src/apps/bsqlodbc.c:426:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[64];
data/freetds-1.2.3/src/apps/bsqlodbc.c:467:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "unknown: %d", (int)type);
data/freetds-1.2.3/src/apps/datacopy.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reply[256];
data/freetds-1.2.3/src/apps/datacopy.c:218:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdata->batchsize = atoi(optarg);
data/freetds-1.2.3/src/apps/datacopy.c:222:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdata->packetsize = atoi(optarg);
data/freetds-1.2.3/src/apps/datacopy.c:252:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdata->textsize = opt = atoi(optarg);
data/freetds-1.2.3/src/apps/datacopy.c:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ls_command[2048];
data/freetds-1.2.3/src/apps/datacopy.c:478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/freetds-1.2.3/src/apps/datacopy.c:483:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", textsize);
data/freetds-1.2.3/src/apps/datacopy.c:495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ls_command[256];
data/freetds-1.2.3/src/apps/datacopy.c:582:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ls_command[256];
data/freetds-1.2.3/src/apps/defncopy.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *servername,
data/freetds-1.2.3/src/apps/defncopy.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512], owner[512];
data/freetds-1.2.3/src/apps/defncopy.c:131:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char use_statement[512];
data/freetds-1.2.3/src/apps/defncopy.c:284:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(procedure->owner, argument, len);
data/freetds-1.2.3/src/apps/defncopy.c:289:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(procedure->owner, "dbo");
data/freetds-1.2.3/src/apps/defncopy.c:335:17: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
create_index = tmpfile();
data/freetds-1.2.3/src/apps/defncopy.c:351:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **coldesc[sizeof(struct DDL)/sizeof(char*)]; /* an array of pointers to the DDL elements */
data/freetds-1.2.3/src/apps/defncopy.c:366:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(index_name, dbdata(dbproc, 1), datlen);
data/freetds-1.2.3/src/apps/defncopy.c:372:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(index_description, dbdata(dbproc, 2), datlen);
data/freetds-1.2.3/src/apps/defncopy.c:378:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(index_keys, dbdata(dbproc, 3), datlen);
data/freetds-1.2.3/src/apps/defncopy.c:461:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*coldesc[i], dbdata(dbproc, colmap[i]), datlen);
data/freetds-1.2.3/src/apps/defncopy.c:556:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql_text[16002];
data/freetds-1.2.3/src/apps/fisql/fisql.c:274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfn[256];
data/freetds-1.2.3/src/apps/fisql/fisql.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foobuf[40];
data/freetds-1.2.3/src/apps/fisql/fisql.c:284:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmpfn, "/tmp/fisqlXXXXXX");
data/freetds-1.2.3/src/apps/fisql/fisql.c:286:10: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
tmpfd = mkstemp(tmpfn);
data/freetds-1.2.3/src/apps/fisql/fisql.c:310:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(tmpfn, "r");
data/freetds-1.2.3/src/apps/fisql/fisql.c:319:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(foobuf, "1>> ");
data/freetds-1.2.3/src/apps/fisql/fisql.c:322:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(foobuf, "%d>> ", ibuflines + 1);
data/freetds-1.2.3/src/apps/fisql/fisql.c:364:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(tfn, "r")) == NULL) {
data/freetds-1.2.3/src/apps/fisql/fisql.c:371:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rl_outstream = fopen("/dev/null", "w");
data/freetds-1.2.3/src/apps/fisql/fisql.c:390:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foobuf[40];
data/freetds-1.2.3/src/apps/fisql/fisql.c:398:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(foobuf, "%d>> ", ibuflines + 1);
data/freetds-1.2.3/src/apps/fisql/fisql.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adbuf[512];
data/freetds-1.2.3/src/apps/fisql/fisql.c:568:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
headers = atoi(optarg);
data/freetds-1.2.3/src/apps/fisql/fisql.c:583:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
logintime = atoi(optarg);
data/freetds-1.2.3/src/apps/fisql/fisql.c:586:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_errorlevel = atoi(optarg);
data/freetds-1.2.3/src/apps/fisql/fisql.c:601:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(optarg);
data/freetds-1.2.3/src/apps/fisql/fisql.c:614:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sybenv, "SYBASE=");
data/freetds-1.2.3/src/apps/fisql/fisql.c:622:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atoi(optarg);
data/freetds-1.2.3/src/apps/fisql/fisql.c:647:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rl_outstream = fopen("/dev/null", "rw");
data/freetds-1.2.3/src/apps/freebcp.c:225:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdata->maxerrors = atoi(optarg);
data/freetds-1.2.3/src/apps/freebcp.c:238:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdata->firstrow = atoi(optarg);
data/freetds-1.2.3/src/apps/freebcp.c:242:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdata->lastrow = atoi(optarg);
data/freetds-1.2.3/src/apps/freebcp.c:246:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdata->batchsize = atoi(optarg);
data/freetds-1.2.3/src/apps/freebcp.c:307:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdata->textsize = atoi(optarg);
data/freetds-1.2.3/src/apps/freebcp.c:311:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pdata->packetsize = atoi(optarg);
data/freetds-1.2.3/src/apps/freebcp.c:708:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char optBuf[256];
data/freetds-1.2.3/src/apps/freebcp.c:710:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((optFile = fopen(params->options, "r")) == NULL) {
data/freetds-1.2.3/src/apps/freebcp.h:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbdirection[10];
data/freetds-1.2.3/src/apps/tsql.c:186:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pversion_string, "%d.%d", TDS_MAJOR(conn), TDS_MINOR(conn));
data/freetds-1.2.3/src/apps/tsql.c:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[128];
data/freetds-1.2.3/src/apps/tsql.c:281:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[64];
data/freetds-1.2.3/src/apps/tsql.c:297:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, "Total time for processing %d rows: %ld msecs\n",
data/freetds-1.2.3/src/apps/tsql.c:483:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(optarg);
data/freetds-1.2.3/src/apps/tsql.c:522:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(minus_flags, "go -");
data/freetds-1.2.3/src/apps/tsql.c:675:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[1024];
data/freetds-1.2.3/src/apps/tsql.c:678:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname, "r")) == NULL) {
data/freetds-1.2.3/src/apps/tsql.c:716:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/freetds-1.2.3/src/apps/tsql.c:719:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "\r%2d", ++count);
data/freetds-1.2.3/src/apps/tsql.c:730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[20];
data/freetds-1.2.3/src/apps/tsql.c:851:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(prompt, "%d> ", ++line);
data/freetds-1.2.3/src/ctlib/blk.c:373:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer, &retval, sizeof(retval));
data/freetds-1.2.3/src/ctlib/cs.c:52:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char unknown[24];
data/freetds-1.2.3/src/ctlib/cs.c:79:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(unknown, "oops: %u ??", retcode);
data/freetds-1.2.3/src/ctlib/cs.c:396:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, ctx->userdata, maxcp);
data/freetds-1.2.3/src/ctlib/cs.c:430:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->userdata, buffer, maxcp);
data/freetds-1.2.3/src/ctlib/cs.c:552:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, srcdata, src_len);
data/freetds-1.2.3/src/ctlib/cs.c:583:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, srcdata, minlen);
data/freetds-1.2.3/src/ctlib/cs.c:648:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, srcdata, *resultlen);
data/freetds-1.2.3/src/ctlib/cs.c:657:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, srcdata, minlen);
data/freetds-1.2.3/src/ctlib/cs.c:733:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, cres.ib, len);
data/freetds-1.2.3/src/ctlib/cs.c:765:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &(cres.ti), *resultlen);
data/freetds-1.2.3/src/ctlib/cs.c:771:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &(cres.n), src_len);
data/freetds-1.2.3/src/ctlib/cs.c:792:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, cres.c, len);
data/freetds-1.2.3/src/ctlib/cs.c:801:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, cres.c, len);
data/freetds-1.2.3/src/ctlib/cs.c:809:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, cres.c, len);
data/freetds-1.2.3/src/ctlib/cs.c:815:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, cres.c, len);
data/freetds-1.2.3/src/ctlib/cs.c:1038:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)buffer)[0] = '\0';
data/freetds-1.2.3/src/ctlib/cs.c:1053:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)buffer)[0] = '\0';
data/freetds-1.2.3/src/ctlib/cs.c:1073:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)buffer)[0] = '\0';
data/freetds-1.2.3/src/ctlib/cs.c:1094:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)buffer)[0] = '\0';
data/freetds-1.2.3/src/ctlib/cs.c:1334:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*curptr)->msg, message, sizeof(CS_CLIENTMSG));
data/freetds-1.2.3/src/ctlib/cs.c:1363:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, curptr->msg, sizeof(CS_CLIENTMSG));
data/freetds-1.2.3/src/ctlib/ct.c:452:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(con->userdata, buffer, buflen);
data/freetds-1.2.3/src/ctlib/ct.c:566:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, con->userdata, maxcp);
data/freetds-1.2.3/src/ctlib/ct.c:574:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &intval, sizeof(intval));
data/freetds-1.2.3/src/ctlib/ct.c:581:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &intval, sizeof(intval));
data/freetds-1.2.3/src/ctlib/ct.c:588:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &intval, sizeof(intval));
data/freetds-1.2.3/src/ctlib/ct.c:2521:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &int_val, sizeof(CS_INT));
data/freetds-1.2.3/src/ctlib/ct.c:2529:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &int_val, sizeof(CS_INT));
data/freetds-1.2.3/src/ctlib/ct.c:2678:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->userdata, buffer, buflen);
data/freetds-1.2.3/src/ctlib/ct.c:2736:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, cmd->userdata, maxcp);
data/freetds-1.2.3/src/ctlib/ct.c:2773:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &int_val, sizeof(CS_INT));
data/freetds-1.2.3/src/ctlib/ct.c:2799:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &int_val, sizeof(CS_INT));
data/freetds-1.2.3/src/ctlib/ct.c:2809:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &int_val, sizeof(CS_INT));
data/freetds-1.2.3/src/ctlib/ct.c:2820:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &int_val, sizeof(CS_INT));
data/freetds-1.2.3/src/ctlib/ct.c:2903:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd->iodesc->name, "%*.*s.%*.*s",
data/freetds-1.2.3/src/ctlib/ct.c:2910:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->iodesc->timestamp, blob->timestamp, CS_TS_SIZE);
data/freetds-1.2.3/src/ctlib/ct.c:2912:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->iodesc->textptr, blob->textptr, CS_TP_SIZE);
data/freetds-1.2.3/src/ctlib/ct.c:2938:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, src, srclen);
data/freetds-1.2.3/src/ctlib/ct.c:2947:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, src, buflen);
data/freetds-1.2.3/src/ctlib/ct.c:2959:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textptr_string[35]; /* 16 * 2 + 2 (0x) + 1 */
data/freetds-1.2.3/src/ctlib/ct.c:2960:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp_string[19]; /* 8 * 2 + 2 (0x) + 1 */
data/freetds-1.2.3/src/ctlib/ct.c:2963:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex2[3];
data/freetds-1.2.3/src/ctlib/ct.c:2989:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hex2, "%02x", cmd->iodesc->textptr[s]);
data/freetds-1.2.3/src/ctlib/ct.c:2998:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hex2, "%02x", cmd->iodesc->timestamp[s]);
data/freetds-1.2.3/src/ctlib/ct.c:3050:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->iodesc->timestamp, iodesc->timestamp, iodesc->timestamplen);
data/freetds-1.2.3/src/ctlib/ct.c:3052:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->iodesc->textptr, iodesc->textptr, iodesc->textptrlen);
data/freetds-1.2.3/src/ctlib/ct.c:3072:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iodesc->timestamp, cmd->iodesc->timestamp, cmd->iodesc->timestamplen);
data/freetds-1.2.3/src/ctlib/ct.c:3074:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iodesc->textptr, cmd->iodesc->textptr, cmd->iodesc->textptrlen);
data/freetds-1.2.3/src/ctlib/ct.c:4052:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curcol->column_data, value, size);
data/freetds-1.2.3/src/ctlib/ct.c:4060:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(blob->textvalue, value, size);
data/freetds-1.2.3/src/ctlib/ct.c:4332:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param->value, data, *(param->datalen));
data/freetds-1.2.3/src/ctlib/ct.c:4487:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*curptr)->clientmsg, message, sizeof(CS_CLIENTMSG));
data/freetds-1.2.3/src/ctlib/ct.c:4543:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*curptr)->servermsg, message, sizeof(CS_SERVERMSG));
data/freetds-1.2.3/src/ctlib/ct.c:4572:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, curptr->clientmsg, sizeof(CS_CLIENTMSG));
data/freetds-1.2.3/src/ctlib/ct.c:4600:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, curptr->servermsg, sizeof(CS_SERVERMSG));
data/freetds-1.2.3/src/ctlib/unittests/all_types.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[256];
data/freetds-1.2.3/src/ctlib/unittests/array_bind.c:75:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(select, "select col1, col2, col3 from #ctlibarray order by col1 ");
data/freetds-1.2.3/src/ctlib/unittests/blk_in.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char command[512];
data/freetds-1.2.3/src/ctlib/unittests/blk_in2.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[512];
data/freetds-1.2.3/src/ctlib/unittests/blk_in2.c:71:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char table_name[20] = "hogexxx";
data/freetds-1.2.3/src/ctlib/unittests/cancel.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[1024];
data/freetds-1.2.3/src/ctlib/unittests/cancel.c:73:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(query, "INSERT #t0010 (id, col1) values (%d, 'This is field no %d')", i, i);
data/freetds-1.2.3/src/ctlib/unittests/common.c:27:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char USER[512];
data/freetds-1.2.3/src/ctlib/unittests/common.c:28:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SERVER[512];
data/freetds-1.2.3/src/ctlib/unittests/common.c:29:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PASSWORD[512];
data/freetds-1.2.3/src/ctlib/unittests/common.c:30:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DATABASE[512];
data/freetds-1.2.3/src/ctlib/unittests/common.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/freetds-1.2.3/src/ctlib/unittests/common.c:85:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(s1, "r");
data/freetds-1.2.3/src/ctlib/unittests/common.c:87:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(PWD, "r");
data/freetds-1.2.3/src/ctlib/unittests/common.c:123:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
BASENAME = basename((char *)argv[0]);
data/freetds-1.2.3/src/ctlib/unittests/common.c:124:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
DIRNAME = dirname((char *)argv[0]);
data/freetds-1.2.3/src/ctlib/unittests/common.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[512+10];
data/freetds-1.2.3/src/ctlib/unittests/common.c:431:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[64];
data/freetds-1.2.3/src/ctlib/unittests/common.c:446:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "?? (%d)", (int) ret);
data/freetds-1.2.3/src/ctlib/unittests/common.h:5:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char SERVER[512];
data/freetds-1.2.3/src/ctlib/unittests/common.h:6:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char DATABASE[512];
data/freetds-1.2.3/src/ctlib/unittests/common.h:7:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char USER[512];
data/freetds-1.2.3/src/ctlib/unittests/common.h:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char PASSWORD[512];
data/freetds-1.2.3/src/ctlib/unittests/common.h:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SERVER[512];
data/freetds-1.2.3/src/ctlib/unittests/common.h:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DATABASE[512];
data/freetds-1.2.3/src/ctlib/unittests/common.h:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char USER[512];
data/freetds-1.2.3/src/ctlib/unittests/common.h:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PASSWORD[512];
data/freetds-1.2.3/src/ctlib/unittests/cs_config.c:36:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string_in,"FreeTDS");
data/freetds-1.2.3/src/ctlib/unittests/cs_config.c:60:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string_in,"FreeTDS");
data/freetds-1.2.3/src/ctlib/unittests/cs_config.c:68:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string_out,"XXXXXXXXXXXXXXX");
data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/freetds-1.2.3/src/ctlib/unittests/ct_cursor.c:80:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(text, "select col1 from #test_table where 1 = 1");
data/freetds-1.2.3/src/ctlib/unittests/ct_cursor.c:81:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "c1");
data/freetds-1.2.3/src/ctlib/unittests/ct_cursor.c:260:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(text, "select col1 from #test_table where 2 = 2");
data/freetds-1.2.3/src/ctlib/unittests/ct_cursors.c:104:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(text, "select col1 from #test_table order by col1");
data/freetds-1.2.3/src/ctlib/unittests/ct_cursors.c:198:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(text, "select col1 from #test_table2 order by col1");
data/freetds-1.2.3/src/ctlib/unittests/ct_diagall.c:76:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(select, "select col1, col2 from #ctlibarray order by col1 ");
data/freetds-1.2.3/src/ctlib/unittests/ct_diagclient.c:74:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(select, "select col1, col2 from #ctlibarray order by col1 ");
data/freetds-1.2.3/src/ctlib/unittests/ct_dynamic.c:108:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdbuf, "create table #ct_dynamic (id numeric identity not null, \
data/freetds-1.2.3/src/ctlib/unittests/ct_dynamic.c:114:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdbuf, "insert into #ct_dynamic ( name , age , cost , bdate , fval ) ");
data/freetds-1.2.3/src/ctlib/unittests/ct_dynamic.c:115:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmdbuf, "values ('Bill', 44, 2000.00, 'May 21 1960', 60.97 ) ");
data/freetds-1.2.3/src/ctlib/unittests/ct_dynamic.c:120:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdbuf, "insert into #ct_dynamic ( name , age , cost , bdate , fval ) ");
data/freetds-1.2.3/src/ctlib/unittests/ct_dynamic.c:121:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmdbuf, "values ('Freddy', 32, 1000.00, 'Jan 21 1972', 70.97 ) ");
data/freetds-1.2.3/src/ctlib/unittests/ct_dynamic.c:126:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdbuf, "insert into #ct_dynamic ( name , age , cost , bdate , fval ) ");
data/freetds-1.2.3/src/ctlib/unittests/ct_dynamic.c:127:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmdbuf, "values ('James', 42, 5000.00, 'May 21 1962', 80.97 ) ");
data/freetds-1.2.3/src/ctlib/unittests/ct_dynamic.c:132:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdbuf, "select name from #ct_dynamic where age = ?");
data/freetds-1.2.3/src/ctlib/unittests/ct_dynamic.c:351:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdbuf, "select name from #ct_dynamic where age = ?");
data/freetds-1.2.3/src/ctlib/unittests/data.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/freetds-1.2.3/src/ctlib/unittests/datafmt.c:46:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(select, "select name from systypes where datalength(name) > 2*9 order by datalength(name)");
data/freetds-1.2.3/src/ctlib/unittests/get_send_data.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char large_sql[1024];
data/freetds-1.2.3/src/ctlib/unittests/get_send_data.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char len600[601];
data/freetds-1.2.3/src/ctlib/unittests/get_send_data.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char len800[801];
data/freetds-1.2.3/src/ctlib/unittests/get_send_data.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[11];
data/freetds-1.2.3/src/ctlib/unittests/get_send_data.c:52:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "_abcde_%03d", (i + 1) * 10);
data/freetds-1.2.3/src/ctlib/unittests/get_send_data.c:59:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "_zzzzz_%03d", (i + 1) * 10);
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:56:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdbuf, "create table #ctparam_lang (id numeric identity not null, \
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char moneystring[10];
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy_name[30];
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy_name2[20];
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:123:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dummy_name, "joe blow");
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:125:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(moneystring, "300.90");
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:180:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@in1");
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:199:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@in2");
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:214:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@in3");
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:228:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@moneyval");
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:242:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@dateval");
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:260:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@floatval");
data/freetds-1.2.3/src/ctlib/unittests/long_binary.c:80:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[65536];
data/freetds-1.2.3/src/ctlib/unittests/long_binary.c:104:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
buffer_len = atoi(argv[1]);
data/freetds-1.2.3/src/ctlib/unittests/long_binary.c:114:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@varbinary_param");
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char results[1024];
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:129:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdbuf, "create proc sample_rpc as ");
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:131:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(results, "CS_ROW_RESULT -1\n");
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:132:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmdbuf, "insert into #tmp1 values(1) "
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:138:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmdbuf, "select * from #tmp1 where i > 10 ");
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:139:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(results, "CS_CMD_DONE 0\n");
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:141:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmdbuf, "select * from #tmp1 ");
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:142:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(results, "CS_CMD_DONE 3\n");
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:145:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(results, "CS_STATUS_RESULT -1\n");
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:148:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmdbuf, "insert into #tmp1 values(4) "
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:151:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(results, "CS_CMD_SUCCEED 2\n"
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:154:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(results, "CS_CMD_SUCCEED -1\n"
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:199:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res[32];
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char moneystring[10];
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rpc_name[15];
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:87:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdbuf, "create proc sample_rpc (@intparam int, \
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:94:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmdbuf, "select @intparam, @sintparam, @floatparam, @moneyparam, \
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:120:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rpc_name, "sample_rpc");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:121:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(moneystring, "300.90");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:173:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@intparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:185:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@sintparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:197:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@floatparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:210:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@moneyparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:222:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@dateparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:237:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@charparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:253:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@empty");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:269:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@binaryparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:281:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@bitparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char moneystring[10];
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rpc_name[15];
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:81:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdbuf, "create proc sample_rpc (@intparam int, \
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:88:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmdbuf, "select @intparam, @sintparam, @floatparam, @moneyparam, \
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:113:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rpc_name, "sample_rpc");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:114:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(moneystring, "300.90");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:168:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@intparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:182:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@sintparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:196:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@floatparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:211:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@moneyparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:225:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@dateparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:243:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@charparam");
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:262:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(datafmt.name, "@binaryparam");
data/freetds-1.2.3/src/ctlib/unittests/t0002.c:240:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[40];
data/freetds-1.2.3/src/ctlib/unittests/t0002.c:245:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt, "%%-%d.%ds ", col[i].datafmt.namelen, col[i].datafmt.maxlength);
data/freetds-1.2.3/src/ctlib/unittests/t0002.c:252:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[40];
data/freetds-1.2.3/src/ctlib/unittests/t0002.c:255:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt, "%%-%d.%ds ", col[i].datalength, col[i].datafmt.maxlength);
data/freetds-1.2.3/src/ctlib/unittests/t0003.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char large_sql[1024];
data/freetds-1.2.3/src/ctlib/unittests/t0003.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char len600[601];
data/freetds-1.2.3/src/ctlib/unittests/t0003.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[11];
data/freetds-1.2.3/src/ctlib/unittests/t0003.c:39:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "_abcde_%03d", (i + 1) * 10);
data/freetds-1.2.3/src/ctlib/unittests/t0004.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[1024];
data/freetds-1.2.3/src/ctlib/unittests/t0004.c:45:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(query, "INSERT #t0004 (id) VALUES (%d)", i);
data/freetds-1.2.3/src/ctlib/unittests/t0009.c:79:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(select, "select col1, col2, col3 from #ctlib0009 order by col2 ");
data/freetds-1.2.3/src/ctlib/unittests/t0009.c:80:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(select, "compute sum(col1) by col2 ");
data/freetds-1.2.3/src/ctlib/unittests/t0009.c:81:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(select, "compute max(col3)");
data/freetds-1.2.3/src/dblib/bcp.c:461:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(terminator, host_term, host_termlen);
data/freetds-1.2.3/src/dblib/bcp.c:642:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (strncasecmp((char *) value, hints[i], strlen(hints[i])) == 0) {
data/freetds-1.2.3/src/dblib/bcp.c:787:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*p_data, cr.c, buflen);
data/freetds-1.2.3/src/dblib/bcp.c:936:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(hostfile = fopen(dbproc->hostfileinfo->hostfile, "w"))) {
data/freetds-1.2.3/src/dblib/bcp.c:1451:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(hostfile = fopen(dbproc->hostfileinfo->hostfile, "r"))) {
data/freetds-1.2.3/src/dblib/bcp.c:1487:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(errfile = fopen(dbproc->hostfileinfo->errorfile, "w"))) {
data/freetds-1.2.3/src/dblib/bcp.c:1679:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/freetds-1.2.3/src/dblib/bcp.c:1691:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ffile = fopen(filename, "r")) == NULL) {
data/freetds-1.2.3/src/dblib/bcp.c:1704:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
li_numcols = atoi(buffer);
data/freetds-1.2.3/src/dblib/bcp.c:1776:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term[30];
data/freetds-1.2.3/src/dblib/bcp.c:1804:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ci->host_column = atoi(tok);
data/freetds-1.2.3/src/dblib/bcp.c:1861:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ci->prefix_len = atoi(tok);
data/freetds-1.2.3/src/dblib/bcp.c:1865:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ci->column_len = atoi(tok);
data/freetds-1.2.3/src/dblib/bcp.c:1910:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ci->terminator, term, i);
data/freetds-1.2.3/src/dblib/bcp.c:1917:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ci->tab_colnum = atoi(tok);
data/freetds-1.2.3/src/dblib/bcp.c:2157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(colinfo->bcp_terminator, terminator, termlen);
data/freetds-1.2.3/src/dblib/dblib.c:574:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(varaddr, pnullrep->bindval, pnullrep->len);
data/freetds-1.2.3/src/dblib/dblib.c:583:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(varaddr, pnullrep->bindval, pnullrep->len);
data/freetds-1.2.3/src/dblib/dblib.c:1032:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*strp)->strtext, p, (*strp)->strtotlen);
data/freetds-1.2.3/src/dblib/dblib.c:1098:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, next->strtext, next->strtotlen);
data/freetds-1.2.3/src/dblib/dblib.c:1105:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const opttext[DBNUMOPTIONS] = {
data/freetds-1.2.3/src/dblib/dblib.c:1300:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dbproc->nullreps, default_null_representations, sizeof(default_null_representations));
data/freetds-1.2.3/src/dblib/dblib.c:1309:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbproc->ftos = fopen(temp_filename, "w");
data/freetds-1.2.3/src/dblib/dblib.c:1312:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[256];
data/freetds-1.2.3/src/dblib/dblib.c:1403:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dbproc->dbbuf + buf_len, cmdstring, cmd_len);
data/freetds-1.2.3/src/dblib/dblib.c:1465:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(query, "use ");
data/freetds-1.2.3/src/dblib/dblib.c:1494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[256];
data/freetds-1.2.3/src/dblib/dblib.c:2029:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pval, bindval, bindlen);
data/freetds-1.2.3/src/dblib/dblib.c:2385:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, srclen);
data/freetds-1.2.3/src/dblib/dblib.c:2409:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, srclen);
data/freetds-1.2.3/src/dblib/dblib.c:2419:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, srclen);
data/freetds-1.2.3/src/dblib/dblib.c:2445:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, ret);
data/freetds-1.2.3/src/dblib/dblib.c:2453:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, ret);
data/freetds-1.2.3/src/dblib/dblib.c:2470:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, srclen);
data/freetds-1.2.3/src/dblib/dblib.c:2493:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dres.ib, len);
data/freetds-1.2.3/src/dblib/dblib.c:2523:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &(dres.ti), len);
data/freetds-1.2.3/src/dblib/dblib.c:2542:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dres.c, len);
data/freetds-1.2.3/src/dblib/dblib.c:2547:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dres.c, len);
data/freetds-1.2.3/src/dblib/dblib.c:2561:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dres.c, len);
data/freetds-1.2.3/src/dblib/dblib.c:3485:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buffer, "NULL");
data/freetds-1.2.3/src/dblib/dblib.c:3550:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[8192];
data/freetds-1.2.3/src/dblib/dblib.c:3592:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, "NULL");
data/freetds-1.2.3/src/dblib/dblib.c:3923:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, tds_dstr_cstr(&colinfo->column_name), namlen);
data/freetds-1.2.3/src/dblib/dblib.c:4551:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(char_param);
data/freetds-1.2.3/src/dblib/dblib.c:4579:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nrows = atoi(char_param);
data/freetds-1.2.3/src/dblib/dblib.c:4607:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(char_param);
data/freetds-1.2.3/src/dblib/dblib.c:6366:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, (char *) &dbproc->dbbuf[start], numbytes);
data/freetds-1.2.3/src/dblib/dblib.c:6601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textptr_string[35]; /* 16 * 2 + 2 (0x) + 1 */
data/freetds-1.2.3/src/dblib/dblib.c:6602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp_string[19]; /* 8 * 2 + 2 (0x) + 1 */
data/freetds-1.2.3/src/dblib/dblib.c:6719:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &((TDSBLOB *) curcol->column_data)->textvalue[curcol->column_textpos], cpbytes);
data/freetds-1.2.3/src/dblib/dblib.c:7053:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[256];
data/freetds-1.2.3/src/dblib/dblib.c:7491:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin->array, src, srclen);
data/freetds-1.2.3/src/dblib/dblib.c:7499:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, srclen);
data/freetds-1.2.3/src/dblib/dblib.c:7521:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, srclen);
data/freetds-1.2.3/src/dblib/dblib.c:7534:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, srclen);
data/freetds-1.2.3/src/dblib/dblib.c:7549:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, srclen);
data/freetds-1.2.3/src/dblib/dblib.c:7561:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((DBVARYCHAR *)dest)->str, src, srclen);
data/freetds-1.2.3/src/dblib/dblib.c:7584:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, ret);
data/freetds-1.2.3/src/dblib/dblib.c:7592:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, ret);
data/freetds-1.2.3/src/dblib/dblib.c:7626:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((DBVARYBIN *)dest)->array, dres.c, len);
data/freetds-1.2.3/src/dblib/dblib.c:7632:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dres.ib, len);
data/freetds-1.2.3/src/dblib/dblib.c:7662:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &(dres.ti), len);
data/freetds-1.2.3/src/dblib/dblib.c:7679:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dres.c, len);
data/freetds-1.2.3/src/dblib/dblib.c:7691:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dres.c, len);
data/freetds-1.2.3/src/dblib/dblib.c:7706:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dres.c, len);
data/freetds-1.2.3/src/dblib/dblib.c:7718:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((DBVARYCHAR *)dest)->str, dres.c, len);
data/freetds-1.2.3/src/dblib/dblib.c:8142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rc_buf[16];
data/freetds-1.2.3/src/dblib/dblib.c:8272:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rc_buf, "%d", rc);
data/freetds-1.2.3/src/dblib/dbpivot.c:275:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdest, psrc, sizeof(*pdest));
data/freetds-1.2.3/src/dblib/dbpivot.c:281:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdest->s, psrc->s, psrc->len);
data/freetds-1.2.3/src/dblib/dbpivot.c:744:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char dashes[31] = "------------------------------";
data/freetds-1.2.3/src/dblib/dbpivot.c:918:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024] = {'\0'}, *s = buffer;
data/freetds-1.2.3/src/dblib/dbpivot.c:919:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const static char *const names[2] = { "\tkeys (down)", "\n\tcols (across)" };
data/freetds-1.2.3/src/dblib/dbpivot.c:1067:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256] = {0};
data/freetds-1.2.3/src/dblib/dbpivot.c:1071:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, pp->pout->col_key.keys[0].s, pp->pout->col_key.keys[0].len),
data/freetds-1.2.3/src/dblib/dbpivot.c:1265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[14];
data/freetds-1.2.3/src/dblib/rpc.c:342:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curcol->column_data, value, size);
data/freetds-1.2.3/src/dblib/rpc.c:350:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(blob->textvalue, value, size);
data/freetds-1.2.3/src/dblib/unittests/batch_stmt_ins_sel.c:48:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(argv[1]);
data/freetds-1.2.3/src/dblib/unittests/batch_stmt_ins_upd.c:47:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(argv[1]);
data/freetds-1.2.3/src/dblib/unittests/bcp.c:16:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd[1024];
data/freetds-1.2.3/src/dblib/unittests/common.c:27:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char USER[512];
data/freetds-1.2.3/src/dblib/unittests/common.c:28:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SERVER[512];
data/freetds-1.2.3/src/dblib/unittests/common.c:29:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PASSWORD[512];
data/freetds-1.2.3/src/dblib/unittests/common.c:30:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DATABASE[512];
data/freetds-1.2.3/src/dblib/unittests/common.c:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql_file[PATH_MAX];
data/freetds-1.2.3/src/dblib/unittests/common.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/freetds-1.2.3/src/dblib/unittests/common.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/freetds-1.2.3/src/dblib/unittests/common.c:189:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(s1, "r");
data/freetds-1.2.3/src/dblib/unittests/common.c:191:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(filename, "r");
data/freetds-1.2.3/src/dblib/unittests/common.c:193:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen("PWD", "r");
data/freetds-1.2.3/src/dblib/unittests/common.c:197:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(filename, "r");
data/freetds-1.2.3/src/dblib/unittests/common.c:255:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((input_file = fopen(sql_file, "r")) == NULL) {
data/freetds-1.2.3/src/dblib/unittests/common.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[2048], *p = line;
data/freetds-1.2.3/src/dblib/unittests/common.c:317:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((input_file = fopen(sql_file, "r")) == NULL) {
data/freetds-1.2.3/src/dblib/unittests/common.h:85:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char PASSWORD[512];
data/freetds-1.2.3/src/dblib/unittests/common.h:86:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char USER[512];
data/freetds-1.2.3/src/dblib/unittests/common.h:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char SERVER[512];
data/freetds-1.2.3/src/dblib/unittests/common.h:88:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char DATABASE[512];
data/freetds-1.2.3/src/dblib/unittests/dbsafestr.c:16:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char safestr[100];
data/freetds-1.2.3/src/dblib/unittests/done_handling.c:35:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char unknown[24];
data/freetds-1.2.3/src/dblib/unittests/done_handling.c:44:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(unknown, "oops: %u ??", retcode);
data/freetds-1.2.3/src/dblib/unittests/done_handling.c:52:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char unknown[24];
data/freetds-1.2.3/src/dblib/unittests/done_handling.c:58:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(unknown, "oops: %u ??", retcode);
data/freetds-1.2.3/src/dblib/unittests/hang.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[256];
data/freetds-1.2.3/src/dblib/unittests/null2.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_buf[16];
data/freetds-1.2.3/src/dblib/unittests/rpc.c:118:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char param_data1[64], param_data3[8000+1], param_data4[2 * 4000 + 1];
data/freetds-1.2.3/src/dblib/unittests/rpc.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[8000+1], abbrev_data[10+3+1], *output;
data/freetds-1.2.3/src/dblib/unittests/rpc.c:297:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bound_buffers[nbuf][buflen] = { "one", "two", "three", "four", "five" };
data/freetds-1.2.3/src/dblib/unittests/rpc.c:371:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(abbrev_data, teststr, 10);
data/freetds-1.2.3/src/dblib/unittests/rpc.c:372:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&abbrev_data[10], "...");
data/freetds-1.2.3/src/dblib/unittests/setnull.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_c[16];
data/freetds-1.2.3/src/dblib/unittests/setnull.c:27:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(db_c, "123456");
data/freetds-1.2.3/src/dblib/unittests/string_bind.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[11];
data/freetds-1.2.3/src/dblib/unittests/t0001.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0001.c:47:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(argv[1]);
data/freetds-1.2.3/src/dblib/unittests/t0001.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0001.c:111:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %03d", i);
data/freetds-1.2.3/src/dblib/unittests/t0002.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0002.c:20:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %03d", i);
data/freetds-1.2.3/src/dblib/unittests/t0002.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0003.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0003.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0003.c:90:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %03d", i);
data/freetds-1.2.3/src/dblib/unittests/t0004.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0004.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0004.c:78:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %04d", i);
data/freetds-1.2.3/src/dblib/unittests/t0004.c:86:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(teststr, "bogus");
data/freetds-1.2.3/src/dblib/unittests/t0005.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0005.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0005.c:87:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %04d", i);
data/freetds-1.2.3/src/dblib/unittests/t0005.c:90:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(teststr, "bogus");
data/freetds-1.2.3/src/dblib/unittests/t0005.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0005.c:136:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %04d", i);
data/freetds-1.2.3/src/dblib/unittests/t0005.c:139:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(teststr, "bogus");
data/freetds-1.2.3/src/dblib/unittests/t0005.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0005.c:208:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %04d", i);
data/freetds-1.2.3/src/dblib/unittests/t0005.c:211:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(teststr, "bogus");
data/freetds-1.2.3/src/dblib/unittests/t0006.c:8:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0006.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0006.c:23:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %04d", current);
data/freetds-1.2.3/src/dblib/unittests/t0006.c:121:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(teststr, "bogus");
data/freetds-1.2.3/src/dblib/unittests/t0007.c:56:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(textbuf, "0x"); /* must be large enough */
data/freetds-1.2.3/src/dblib/unittests/t0007.c:58:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(textbuf + 2 + i * 2, "%02X", binarybuffer[i]);
data/freetds-1.2.3/src/dblib/unittests/t0007.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024], teststr2[1024];
data/freetds-1.2.3/src/dblib/unittests/t0007.c:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0007.c:115:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %07d", i);
data/freetds-1.2.3/src/dblib/unittests/t0007.c:122:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(teststr, "bogus");
data/freetds-1.2.3/src/dblib/unittests/t0007.c:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0007.c:167:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %07d ", i);
data/freetds-1.2.3/src/dblib/unittests/t0008.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0008.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/freetds-1.2.3/src/dblib/unittests/t0008.c:63:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "insert into #dblib0008 values (%d, 'row %03d')", i, i);
data/freetds-1.2.3/src/dblib/unittests/t0008.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0008.c:89:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %03d", i);
data/freetds-1.2.3/src/dblib/unittests/t0009.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0011.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0011.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr2[1024];
data/freetds-1.2.3/src/dblib/unittests/t0011.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testvstr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0012.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datestring[256];
data/freetds-1.2.3/src/dblib/unittests/t0012.c:105:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mydatetime, (DBDATETIME *) (dbdata(dbproc, 1)), sizeof(DBDATETIME));
data/freetds-1.2.3/src/dblib/unittests/t0013.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char objname[256];
data/freetds-1.2.3/src/dblib/unittests/t0013.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[BLOB_BLOCK_SIZE];
data/freetds-1.2.3/src/dblib/unittests/t0013.c:84:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(argv[1], "rb")) == NULL) {
data/freetds-1.2.3/src/dblib/unittests/t0013.c:246:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) (rblob + numread), (void *) rbuf, result);
data/freetds-1.2.3/src/dblib/unittests/t0013.c:254:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(argv[2], "wb")) == NULL) {
data/freetds-1.2.3/src/dblib/unittests/t0014.c:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char objname[256];
data/freetds-1.2.3/src/dblib/unittests/t0014.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sqlCmd[256];
data/freetds-1.2.3/src/dblib/unittests/t0014.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[BLOB_BLOCK_SIZE];
data/freetds-1.2.3/src/dblib/unittests/t0014.c:69:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(argv[1], "rb")) == NULL) {
data/freetds-1.2.3/src/dblib/unittests/t0014.c:118:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(objname, "dblib0014.PigTure");
data/freetds-1.2.3/src/dblib/unittests/t0014.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0014.c:179:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %03d", i);
data/freetds-1.2.3/src/dblib/unittests/t0014.c:191:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sqlCmd, "SET TEXTSIZE 2147483647");
data/freetds-1.2.3/src/dblib/unittests/t0014.c:200:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sqlCmd, "SELECT PigTure FROM dblib0014 WHERE i = %d", i);
data/freetds-1.2.3/src/dblib/unittests/t0014.c:213:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) (rblob + numread), (void *) rbuf, result);
data/freetds-1.2.3/src/dblib/unittests/t0014.c:220:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(argv[2], "wb")) == NULL) {
data/freetds-1.2.3/src/dblib/unittests/t0015.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0015.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0015.c:108:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %03d", i);
data/freetds-1.2.3/src/dblib/unittests/t0016.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_file[30];
data/freetds-1.2.3/src/dblib/unittests/t0016.c:96:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line1[1024*16];
data/freetds-1.2.3/src/dblib/unittests/t0016.c:97:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line2[1024*16];
data/freetds-1.2.3/src/dblib/unittests/t0016.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_file[256];
data/freetds-1.2.3/src/dblib/unittests/t0016.c:115:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input_file = fopen(in_file, "rb");
data/freetds-1.2.3/src/dblib/unittests/t0016.c:118:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input_file = fopen(in_file, "rb");
data/freetds-1.2.3/src/dblib/unittests/t0016.c:262:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1 = fopen(fn1, "r");
data/freetds-1.2.3/src/dblib/unittests/t0016.c:263:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f2 = fopen(fn2, "r");
data/freetds-1.2.3/src/dblib/unittests/t0018.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/t0018.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[1024];
data/freetds-1.2.3/src/dblib/unittests/t0018.c:108:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %03d", i);
data/freetds-1.2.3/src/dblib/unittests/t0019.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20], *p;
data/freetds-1.2.3/src/dblib/unittests/t0019.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[256];
data/freetds-1.2.3/src/dblib/unittests/t0019.c:52:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out, "len=%d", len);
data/freetds-1.2.3/src/dblib/unittests/t0019.c:56:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(out, 0), " %02X", (unsigned char) buf[i]);
data/freetds-1.2.3/src/dblib/unittests/t0022.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/text_buffer.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/thread.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/thread.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected[64];
data/freetds-1.2.3/src/dblib/unittests/thread.c:65:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected, "row %d", i);
data/freetds-1.2.3/src/dblib/unittests/thread.c:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[128];
data/freetds-1.2.3/src/dblib/unittests/thread.c:200:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "insert into dblib_thread values (%d, 'row %d')", i, i);
data/freetds-1.2.3/src/dblib/unittests/timeout.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char teststr[1024];
data/freetds-1.2.3/src/dblib/unittests/timeout.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeout[32];
data/freetds-1.2.3/src/dblib/unittests/timeout.c:103:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(timeout, "%d", timeout_seconds);
data/freetds-1.2.3/src/odbc/bcp.c:403:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(colinfo->bcp_terminator, terminator, termlen);
data/freetds-1.2.3/src/odbc/bcp.c:421:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, destlen);
data/freetds-1.2.3/src/odbc/bcp.c:463:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(num.array + 1, sql_num->val, len - 1);
data/freetds-1.2.3/src/odbc/bcp.c:480:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, ret);
data/freetds-1.2.3/src/odbc/bcp.c:504:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, dres.ib, ret);
data/freetds-1.2.3/src/odbc/bcp.c:526:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &dres, len);
data/freetds-1.2.3/src/odbc/bcp.c:572:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ti, dataptr, 1);
data/freetds-1.2.3/src/odbc/bcp.c:577:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&si, dataptr, 2);
data/freetds-1.2.3/src/odbc/bcp.c:582:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&li, dataptr, 4);
data/freetds-1.2.3/src/odbc/bcp.c:587:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lli, dataptr, 8);
data/freetds-1.2.3/src/odbc/connectparams.c:119:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p && atoi(p+1) > 0) {
data/freetds-1.2.3/src/odbc/connectparams.c:120:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
login->port = atoi(p+1);
data/freetds-1.2.3/src/odbc/connectparams.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[FILENAME_MAX];
data/freetds-1.2.3/src/odbc/connectparams.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char option[24];
data/freetds-1.2.3/src/odbc/connectparams.c:310:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(option, p, end - p);
data/freetds-1.2.3/src/odbc/connectparams.c:566:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hFile = fopen(pszFileName, "r");
data/freetds-1.2.3/src/odbc/connectparams.c:605:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = fopen(p, "r");
data/freetds-1.2.3/src/odbc/connectparams.c:613:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = fopen(fn, "r");
data/freetds-1.2.3/src/odbc/connectparams.c:623:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = fopen(SYS_ODBC_INI, "r");
data/freetds-1.2.3/src/odbc/connectparams.c:656:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szName[INI_MAX_PROPERTY_NAME + 1]; /* property name */
data/freetds-1.2.3/src/odbc/connectparams.c:657:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szValue[INI_MAX_PROPERTY_VALUE + 1]; /* property value */
data/freetds-1.2.3/src/odbc/connectparams.c:737:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hLastProperty->aPromptData, aBoolean, sizeof(aBoolean));
data/freetds-1.2.3/src/odbc/connectparams.c:761:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hLastProperty->aPromptData, list, size);
data/freetds-1.2.3/src/odbc/convert_tds2sql.c:52:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pbuf, curcol->column_iconv_buf, cp);
data/freetds-1.2.3/src/odbc/convert_tds2sql.c:243:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, buf, cplen);
data/freetds-1.2.3/src/odbc/convert_tds2sql.c:271:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, cplen);
data/freetds-1.2.3/src/odbc/convert_tds2sql.c:361:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[48];
data/freetds-1.2.3/src/odbc/convert_tds2sql.c:412:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + strlen(buf), " %c%02d:%02d", sign, off / 60, off % 60);
data/freetds-1.2.3/src/odbc/convert_tds2sql.c:416:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, buf, ODBC_MIN(destlen, nRetVal));
data/freetds-1.2.3/src/odbc/convert_tds2sql.c:595:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(num->val, ores.n.array + 1, i);
data/freetds-1.2.3/src/odbc/convert_tds2sql.c:605:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, &(ores.u), sizeof(TDS_UNIQUE));
data/freetds-1.2.3/src/odbc/descriptor.c:172:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_rec, src_rec, sizeof(struct _drecord));
data/freetds-1.2.3/src/odbc/error.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sqlstate[6];
data/freetds-1.2.3/src/odbc/error.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v3[6];
data/freetds-1.2.3/src/odbc/error.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v2[6];
data/freetds-1.2.3/src/odbc/error.c:611:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/freetds-1.2.3/src/odbc/error.c:723:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cplen = sprintf(tmp, "%d", dbc->tds_socket->conn->spid);
data/freetds-1.2.3/src/odbc/native.c:155:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, "exec ", 5);
data/freetds-1.2.3/src/odbc/odbc.c:150:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define ODBC_PRRET_BUF char unknown_prret_buf[24]
data/freetds-1.2.3/src/odbc/odbc.c:240:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(query, "USE ");
data/freetds-1.2.3/src/odbc/odbc.c:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[64];
data/freetds-1.2.3/src/odbc/odbc.c:355:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dbc->attr.packet_size = atoi(newval);
data/freetds-1.2.3/src/odbc/odbc.c:1387:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Value, src, size);
data/freetds-1.2.3/src/odbc/odbc.c:3023:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, start, buf_len);
data/freetds-1.2.3/src/odbc/odbc.c:3104:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/odbc/odbc.c:4487:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Value, src, size);
data/freetds-1.2.3/src/odbc/odbc.c:5166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/freetds-1.2.3/src/odbc/odbc.c:5449:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%02d.%02d.%04d", TDS_VERSION_MAJOR,
data/freetds-1.2.3/src/odbc/odbc.c:6044:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[sizeof(sql_templ_default) + 36];
data/freetds-1.2.3/src/odbc/odbc.c:6069:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sql, ",3");
data/freetds-1.2.3/src/odbc/odbc.c:6985:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, begin, p - begin);
data/freetds-1.2.3/src/odbc/odbc.c:6989:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, begin, p - begin);
data/freetds-1.2.3/src/odbc/odbc.c:7126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev, buf[1200], *dst;
data/freetds-1.2.3/src/odbc/odbc.c:7136:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, s, len);
data/freetds-1.2.3/src/odbc/odbc.c:7226:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(col->column_data, value, len);
data/freetds-1.2.3/src/odbc/odbc.c:7325:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1200];
data/freetds-1.2.3/src/odbc/odbc_util.c:442:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *) buffer)[len] = 0;
data/freetds-1.2.3/src/odbc/odbc_util.c:462:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char discard[128];
data/freetds-1.2.3/src/odbc/odbc_util.c:474:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((char *) buffer) + out_len, discard, max_copy);
data/freetds-1.2.3/src/odbc/odbc_util.c:481:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *) buffer)[cbBuffer-1 < out_len ? cbBuffer-1:out_len] = 0;
data/freetds-1.2.3/src/odbc/odbc_util.c:492:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *) buffer)[len] = 0;
data/freetds-1.2.3/src/odbc/odbc_util.c:884:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pversion_string, "%.02d.%.02d.%.04d", (int) ((version & 0x7F000000) >> 24),
data/freetds-1.2.3/src/odbc/prepare_query.c:131:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, start, p - start);
data/freetds-1.2.3/src/odbc/prepare_query.c:445:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(blob->textvalue + curcol->column_cur_size, DataPtr, len);
data/freetds-1.2.3/src/odbc/prepare_query.c:448:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curcol->column_data + curcol->column_cur_size, DataPtr, len);
data/freetds-1.2.3/src/odbc/sql2tds.c:210:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curcol->column_collation, conn->collation, sizeof(conn->collation));
data/freetds-1.2.3/src/odbc/sql2tds.c:412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(num.array + 1, sql_num->val, i - 1);
data/freetds-1.2.3/src/odbc/unittests/all_types.c:11:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *sql_c_types_names[100];
data/freetds-1.2.3/src/odbc/unittests/array.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status[20];
data/freetds-1.2.3/src/odbc/unittests/array.c:46:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *) descs[i], "data %d \xf4", i * 7);
data/freetds-1.2.3/src/odbc/unittests/array.c:46:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sprintf((char *) descs[i], "data %d \xf4", i * 7);
data/freetds-1.2.3/src/odbc/unittests/array.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/odbc/unittests/array.c:63:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Invalid processed number: %d", (int) processed);
data/freetds-1.2.3/src/odbc/unittests/array_error.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[20];
data/freetds-1.2.3/src/odbc/unittests/array_error.c:34:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "test");
data/freetds-1.2.3/src/odbc/unittests/array_error.c:40:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "test2");
data/freetds-1.2.3/src/odbc/unittests/array_out.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status[20];
data/freetds-1.2.3/src/odbc/unittests/array_out.c:66:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *) DESCS(i), "aaa");
data/freetds-1.2.3/src/odbc/unittests/array_out.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/freetds-1.2.3/src/odbc/unittests/array_out.c:83:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%crow number %d", 'a' + i, i * 13);
data/freetds-1.2.3/src/odbc/unittests/array_out.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/freetds-1.2.3/src/odbc/unittests/array_out.c:135:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "INSERT INTO #odbc_test(i, t) VALUES(%d, '%crow number %d')", i + 1, 'a' + i, i * 13);
data/freetds-1.2.3/src/odbc/unittests/attributes.c:274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/odbc/unittests/attributes.c:286:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(in_file, "r");
data/freetds-1.2.3/src/odbc/unittests/attributes.c:288:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(TEST_FILE, "r");
data/freetds-1.2.3/src/odbc/unittests/bcp.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[64];
data/freetds-1.2.3/src/odbc/unittests/bcp.c:395:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[128];
data/freetds-1.2.3/src/odbc/unittests/bcp.c:405:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[128];
data/freetds-1.2.3/src/odbc/unittests/bcp.c:425:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[128];
data/freetds-1.2.3/src/odbc/unittests/blob1.c:27:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + 2*n, "%2x", (unsigned int)('a' + ((start+n) * step % ('z' - 'a' + 1))));
data/freetds-1.2.3/src/odbc/unittests/blob1.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbol[3];
data/freetds-1.2.3/src/odbc/unittests/blob1.c:50:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(symbol, "%2x", (unsigned int)('a' + ((start+n) / 2 * step % ('z' - 'a' + 1))));
data/freetds-1.2.3/src/odbc/unittests/blob1.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[17];
data/freetds-1.2.3/src/odbc/unittests/blob1.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/freetds-1.2.3/src/odbc/unittests/blob1.c:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/freetds-1.2.3/src/odbc/unittests/blob1.c:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/freetds-1.2.3/src/odbc/unittests/blob1.c:261:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sql, "CREATE TABLE #tt(k INT");
data/freetds-1.2.3/src/odbc/unittests/blob1.c:264:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sql, ",v INT)");
data/freetds-1.2.3/src/odbc/unittests/blob1.c:279:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sql, "INSERT INTO #tt VALUES(?");
data/freetds-1.2.3/src/odbc/unittests/blob1.c:281:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sql, ",?");
data/freetds-1.2.3/src/odbc/unittests/blob1.c:282:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sql, ",?)");
data/freetds-1.2.3/src/odbc/unittests/blob1.c:349:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sql, "SELECT ");
data/freetds-1.2.3/src/odbc/unittests/blob1.c:351:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(sql, 0), "f%u,", t->num);
data/freetds-1.2.3/src/odbc/unittests/blob1.c:352:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sql, "v FROM #tt WHERE k = ?");
data/freetds-1.2.3/src/odbc/unittests/c2string.c:8:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "\\\\");
data/freetds-1.2.3/src/odbc/unittests/c2string.c:10:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "\\t");
data/freetds-1.2.3/src/odbc/unittests/c2string.c:12:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "\\r");
data/freetds-1.2.3/src/odbc/unittests/c2string.c:14:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "\\n");
data/freetds-1.2.3/src/odbc/unittests/c2string.c:16:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "\\x%02x", (unsigned int) ch);
data/freetds-1.2.3/src/odbc/unittests/c2string.c:18:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "%c", (char) ch);
data/freetds-1.2.3/src/odbc/unittests/c2string.c:20:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "\\u%04x", (unsigned int) ch);
data/freetds-1.2.3/src/odbc/unittests/c2string.c:28:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bin[256];
data/freetds-1.2.3/src/odbc/unittests/c2string.c:29:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/freetds-1.2.3/src/odbc/unittests/c2string.c:48:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "%d %d %d ", num->precision, num->scale, num->sign);
data/freetds-1.2.3/src/odbc/unittests/c2string.c:53:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "%02X", num->val[i]);
data/freetds-1.2.3/src/odbc/unittests/c2string.c:58:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "%02X", IN.bin[i]);
data/freetds-1.2.3/src/odbc/unittests/c2string.c:62:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "%u ", (unsigned int) in_len);
data/freetds-1.2.3/src/odbc/unittests/c2string.c:69:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
s += sprintf(s, "%u ", (unsigned int) (in_len / sizeof(SQLWCHAR)));
data/freetds-1.2.3/src/odbc/unittests/c2string.c:76:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%ld", (long int) IN.i);
data/freetds-1.2.3/src/odbc/unittests/c2string.c:84:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d", (int) IN.si);
data/freetds-1.2.3/src/odbc/unittests/c2string.c:87:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%04d-%02u-%02u %02u:%02u:%02u.%03u",
data/freetds-1.2.3/src/odbc/unittests/cancel.c:157:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("odbcinst.ini", "w");
data/freetds-1.2.3/src/odbc/unittests/closestmt.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[128];
data/freetds-1.2.3/src/odbc/unittests/closestmt.c:26:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sql, "insert into #tmp select i+%d, c from #tmp where i <= %d", 1 << i, 1 << i);
data/freetds-1.2.3/src/odbc/unittests/common.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char odbc_user[512];
data/freetds-1.2.3/src/odbc/unittests/common.c:38:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char odbc_server[512];
data/freetds-1.2.3/src/odbc/unittests/common.c:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char odbc_password[512];
data/freetds-1.2.3/src/odbc/unittests/common.c:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char odbc_database[512];
data/freetds-1.2.3/src/odbc/unittests/common.c:41:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char odbc_driver[1024];
data/freetds-1.2.3/src/odbc/unittests/common.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char db_str_version[32];
data/freetds-1.2.3/src/odbc/unittests/common.c:54:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(path, "rb");
data/freetds-1.2.3/src/odbc/unittests/common.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/freetds-1.2.3/src/odbc/unittests/common.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/freetds-1.2.3/src/odbc/unittests/common.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/freetds-1.2.3/src/odbc/unittests/common.c:111:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(s1, "r");
data/freetds-1.2.3/src/odbc/unittests/common.c:113:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(PWD, "r");
data/freetds-1.2.3/src/odbc/unittests/common.c:115:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen("PWD", "r");
data/freetds-1.2.3/src/odbc/unittests/common.c:169:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (s1 && atoi(s1) == 0)
data/freetds-1.2.3/src/odbc/unittests/common.c:174:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "odbc.ini.%d", (int) getpid());
data/freetds-1.2.3/src/odbc/unittests/common.c:175:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(path, "w");
data/freetds-1.2.3/src/odbc/unittests/common.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[512+10];
data/freetds-1.2.3/src/odbc/unittests/common.c:280:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p && atoi(p) != 0)
data/freetds-1.2.3/src/odbc/unittests/common.c:566:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (p && atoi(p) != 0)
data/freetds-1.2.3/src/odbc/unittests/common.c:658:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char odbc_err[512];
data/freetds-1.2.3/src/odbc/unittests/common.c:659:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char odbc_sqlstate[6];
data/freetds-1.2.3/src/odbc/unittests/common.c:759:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[256];
data/freetds-1.2.3/src/odbc/unittests/common.c:789:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char fd_bitmask[NUM_FDS / 8];
data/freetds-1.2.3/src/odbc/unittests/common.h:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char odbc_err[512];
data/freetds-1.2.3/src/odbc/unittests/common.h:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char odbc_sqlstate[6];
data/freetds-1.2.3/src/odbc/unittests/common.h:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char odbc_user[512];
data/freetds-1.2.3/src/odbc/unittests/common.h:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char odbc_server[512];
data/freetds-1.2.3/src/odbc/unittests/common.h:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char odbc_password[512];
data/freetds-1.2.3/src/odbc/unittests/common.h:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char odbc_database[512];
data/freetds-1.2.3/src/odbc/unittests/common.h:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char odbc_driver[1024];
data/freetds-1.2.3/src/odbc/unittests/compute.c:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char col1[256], col2[256];
data/freetds-1.2.3/src/odbc/unittests/compute.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/odbc/unittests/compute.c:132:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(col2, "##");
data/freetds-1.2.3/src/odbc/unittests/connect.c:21:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TCHAR buf[256];
data/freetds-1.2.3/src/odbc/unittests/connect.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024*4];
data/freetds-1.2.3/src/odbc/unittests/connect.c:50:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("odbcinst.ini", "w");
data/freetds-1.2.3/src/odbc/unittests/connect.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char app_name[130];
data/freetds-1.2.3/src/odbc/unittests/connect2.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[1024];
data/freetds-1.2.3/src/odbc/unittests/connect2.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024*3];
data/freetds-1.2.3/src/odbc/unittests/connect2.c:83:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "IDontExist");
data/freetds-1.2.3/src/odbc/unittests/convert_error.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[512];
data/freetds-1.2.3/src/odbc/unittests/copydesc.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/freetds-1.2.3/src/odbc/unittests/cursor1.c:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[ROWS][C_LEN];
data/freetds-1.2.3/src/odbc/unittests/cursor1.c:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql_buf[80], data[10];
data/freetds-1.2.3/src/odbc/unittests/cursor1.c:75:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(c[i - 1], "foo");
data/freetds-1.2.3/src/odbc/unittests/cursor3.c:13:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/freetds-1.2.3/src/odbc/unittests/cursor4.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/freetds-1.2.3/src/odbc/unittests/cursor5.c:6:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char v_char_3[21];
data/freetds-1.2.3/src/odbc/unittests/cursor6.c:15:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[20];
data/freetds-1.2.3/src/odbc/unittests/cursor6.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[128];
data/freetds-1.2.3/src/odbc/unittests/cursor6.c:81:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sql, "INSERT INTO #cursor6_test(i,c) VALUES(%d, 'a%db%dc%d')", i, i, i, i);
data/freetds-1.2.3/src/odbc/unittests/cursor7.c:15:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[20];
data/freetds-1.2.3/src/odbc/unittests/cursor7.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[128];
data/freetds-1.2.3/src/odbc/unittests/cursor7.c:76:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sql, "\tINSERT INTO #cursor7_test(i,c) VALUES(%d, 'a%db%dc%d')", i, i, i, i);
data/freetds-1.2.3/src/odbc/unittests/data.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[1024];
data/freetds-1.2.3/src/odbc/unittests/data.c:28:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out_buf[256];
data/freetds-1.2.3/src/odbc/unittests/data.c:111:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(in_file, "r");
data/freetds-1.2.3/src/odbc/unittests/data.c:113:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(TEST_FILE, "r");
data/freetds-1.2.3/src/odbc/unittests/date.c:27:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *) output, "%04d-%02d-%02d %02d:%02d:%02d.000", ts.year, ts.month, ts.day, ts.hour, ts.minute, ts.second);
data/freetds-1.2.3/src/odbc/unittests/describecol.c:50:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/freetds-1.2.3/src/odbc/unittests/describecol.c:52:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld", value);
data/freetds-1.2.3/src/odbc/unittests/describecol.c:196:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/odbc/unittests/describecol.c:245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/odbc/unittests/describecol.c:309:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(in_file, "r");
data/freetds-1.2.3/src/odbc/unittests/describecol.c:311:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(TEST_FILE, "r");
data/freetds-1.2.3/src/odbc/unittests/describecol.c:346:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[1024];
data/freetds-1.2.3/src/odbc/unittests/describecol.c:410:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *expected[10];
data/freetds-1.2.3/src/odbc/unittests/describecol2.c:45:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) name, "xxx");
data/freetds-1.2.3/src/odbc/unittests/describecol2.c:50:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) name, "xxx");
data/freetds-1.2.3/src/odbc/unittests/describecol2.c:55:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) name, "xxx");
data/freetds-1.2.3/src/odbc/unittests/earlybind.c:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/freetds-1.2.3/src/odbc/unittests/freeclose.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[256];
data/freetds-1.2.3/src/odbc/unittests/freeclose.c:122:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char insert_buf[256] = "";
data/freetds-1.2.3/src/odbc/unittests/freeclose.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/freetds-1.2.3/src/odbc/unittests/freeclose.c:282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[64];
data/freetds-1.2.3/src/odbc/unittests/freeclose.c:332:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%d", port);
data/freetds-1.2.3/src/odbc/unittests/freeclose.c:337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/freetds-1.2.3/src/odbc/unittests/freeclose.c:370:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "This is a test (%d)", (int) id);
data/freetds-1.2.3/src/odbc/unittests/freeclose.c:408:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "This is a test (%d)", (int) id);
data/freetds-1.2.3/src/odbc/unittests/funccall.c:14:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out2[30];
data/freetds-1.2.3/src/odbc/unittests/funccall.c:84:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(out2, "bad!");
data/freetds-1.2.3/src/odbc/unittests/funccall.c:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out2[30];
data/freetds-1.2.3/src/odbc/unittests/funccall.c:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[1024];
data/freetds-1.2.3/src/odbc/unittests/genparams.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[1024];
data/freetds-1.2.3/src/odbc/unittests/genparams.c:37:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out_buf[256];
data/freetds-1.2.3/src/odbc/unittests/genparams.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[1024];
data/freetds-1.2.3/src/odbc/unittests/genparams.c:110:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out_buf[256];
data/freetds-1.2.3/src/odbc/unittests/genparams.c:149:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sbuf, "INSERT INTO #tmp_insert VALUES(?)");
data/freetds-1.2.3/src/odbc/unittests/genparams.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[1024];
data/freetds-1.2.3/src/odbc/unittests/genparams.c:218:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sbuf, "INSERT INTO #tmp_insert VALUES(?)");
data/freetds-1.2.3/src/odbc/unittests/genparams.c:255:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char out[80];
data/freetds-1.2.3/src/odbc/unittests/genparams.c:270:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%02X", (n >> (8*(big_endian ? l-1-i : i))) & 0xffu);
data/freetds-1.2.3/src/odbc/unittests/genparams.c:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/freetds-1.2.3/src/odbc/unittests/genparams.c:291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[128];
data/freetds-1.2.3/src/odbc/unittests/genparams.c:368:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "2003-07-22 13:02:03 -> %04d-%02d-%02d 13:02:03", (int) y, (int) m, (int) d);
data/freetds-1.2.3/src/odbc/unittests/getdata.c:10:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[128];
data/freetds-1.2.3/src/odbc/unittests/getdata.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[80];
data/freetds-1.2.3/src/odbc/unittests/getdata.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/freetds-1.2.3/src/odbc/unittests/insert_speed.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[64];
data/freetds-1.2.3/src/odbc/unittests/insert_speed.c:27:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "This is a test (%d)", (int) id);
data/freetds-1.2.3/src/odbc/unittests/insert_speed.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[64];
data/freetds-1.2.3/src/odbc/unittests/insert_speed.c:54:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "This is a test (%d)", (int) id);
data/freetds-1.2.3/src/odbc/unittests/long_error.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[128 + 110*10];
data/freetds-1.2.3/src/odbc/unittests/long_error.c:34:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmd, "create procedure #proc_longerror as\nbegin\nraiserror('");
data/freetds-1.2.3/src/odbc/unittests/long_error.c:36:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd, "reallylong");
data/freetds-1.2.3/src/odbc/unittests/long_error.c:37:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd, " error', 16, 1)\nend\n");
data/freetds-1.2.3/src/odbc/unittests/mars1.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[120], buf[80];
data/freetds-1.2.3/src/odbc/unittests/norowset.c:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[256];
data/freetds-1.2.3/src/odbc/unittests/oldpwd.c:9:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(odbc_password, "testpwd$");
data/freetds-1.2.3/src/odbc/unittests/params.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OutString[OUTSTRING_LEN];
data/freetds-1.2.3/src/odbc/unittests/params.c:49:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(OutString, "Test"); /* Comment this line and we get an error! Why? */
data/freetds-1.2.3/src/odbc/unittests/parser.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexbuf[4];
data/freetds-1.2.3/src/odbc/unittests/parser.c:61:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hexbuf, ++s, 2);
data/freetds-1.2.3/src/odbc/unittests/parser.c:163:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char conds[MAX_CONDITIONS];
data/freetds-1.2.3/src/odbc/unittests/parser.c:216:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line_buf[1024];
data/freetds-1.2.3/src/odbc/unittests/prepclose.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[5100];
data/freetds-1.2.3/src/odbc/unittests/prepclose.c:68:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sql + 5000, "\nSELECT 1");
data/freetds-1.2.3/src/odbc/unittests/prepclose.c:70:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sql, "SELECT 1");
data/freetds-1.2.3/src/odbc/unittests/preperror.c:12:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/odbc/unittests/preperror.c:26:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "2003-10-1 10:11:1 0");
data/freetds-1.2.3/src/odbc/unittests/putdata.c:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sql[1024];
data/freetds-1.2.3/src/odbc/unittests/putdata.c:29:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256], *pb;
data/freetds-1.2.3/src/odbc/unittests/putdata.c:139:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sql, "IF EXISTS(SELECT * FROM #putdata WHERE CONVERT(VARBINARY(255),b) <> 0x");
data/freetds-1.2.3/src/odbc/unittests/putdata.c:142:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(sql, 0), "%02x", buf[i]);
data/freetds-1.2.3/src/odbc/unittests/putdata.c:143:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sql, " OR CONVERT(VARCHAR(255),c) <> '");
data/freetds-1.2.3/src/odbc/unittests/putdata.c:152:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sql, "') SELECT 1");
data/freetds-1.2.3/src/odbc/unittests/qn.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1024];
data/freetds-1.2.3/src/odbc/unittests/qn.c:93:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/freetds-1.2.3/src/odbc/unittests/raiserror.c:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char OutString[OUTSTRING_LEN];
data/freetds-1.2.3/src/odbc/unittests/raiserror.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/freetds-1.2.3/src/odbc/unittests/raiserror.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[80];
data/freetds-1.2.3/src/odbc/unittests/raiserror.c:129:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sql, "RAISERROR('An error occurred.', %d, 1)", level);
data/freetds-1.2.3/src/odbc/unittests/raiserror.c:143:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(OutString, "Invalid!");
data/freetds-1.2.3/src/odbc/unittests/raiserror.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[512];
data/freetds-1.2.3/src/odbc/unittests/rebindpar.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[200];
data/freetds-1.2.3/src/odbc/unittests/rebindpar.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/freetds-1.2.3/src/odbc/unittests/rebindpar.c:45:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "miao");
data/freetds-1.2.3/src/odbc/unittests/rowset.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/freetds-1.2.3/src/odbc/unittests/rowset.c:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10];
data/freetds-1.2.3/src/odbc/unittests/rowset.c:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[128];
data/freetds-1.2.3/src/odbc/unittests/rpc.c:35:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd[4096];
data/freetds-1.2.3/src/odbc/unittests/rpc.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call_cmd[128];
data/freetds-1.2.3/src/odbc/unittests/rpc.c:143:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60];
data/freetds-1.2.3/src/odbc/unittests/rpc.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drop_proc[256] = "DROP PROCEDURE ";
data/freetds-1.2.3/src/odbc/unittests/scroll.c:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[ROWS][C_LEN];
data/freetds-1.2.3/src/odbc/unittests/scroll.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/freetds-1.2.3/src/odbc/unittests/stats.c:7:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char output[256];
data/freetds-1.2.3/src/odbc/unittests/stats.c:13:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(output, "NULL");
data/freetds-1.2.3/src/odbc/unittests/stats.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/freetds-1.2.3/src/odbc/unittests/stats.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/freetds-1.2.3/src/odbc/unittests/stats.c:84:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", n);
data/freetds-1.2.3/src/odbc/unittests/stats.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char int_buf[32];
data/freetds-1.2.3/src/odbc/unittests/t0004.c:11:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/freetds-1.2.3/src/odbc/unittests/t0004.c:15:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "I don't exist");
data/freetds-1.2.3/src/odbc/unittests/t0004.c:29:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "sysobjects");
data/freetds-1.2.3/src/odbc/unittests/tables.c:9:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char output[256];
data/freetds-1.2.3/src/odbc/unittests/tables.c:14:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(output, "NULL");
data/freetds-1.2.3/src/odbc/unittests/tables.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/odbc/unittests/tables.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char expected_type[20] = "SYSTEM TABLE";
data/freetds-1.2.3/src/odbc/unittests/tables.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table_buf[80];
data/freetds-1.2.3/src/odbc/unittests/tables.c:64:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(table_buf, "garbage");
data/freetds-1.2.3/src/odbc/unittests/tables.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[32];
data/freetds-1.2.3/src/odbc/unittests/tables.c:138:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(expected_type, "VIEW");
data/freetds-1.2.3/src/odbc/unittests/testodbc.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char guid[40];
data/freetds-1.2.3/src/odbc/unittests/testodbc.c:246:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(guid, "87654321-4321-4321-4321-123456789abc");
data/freetds-1.2.3/src/odbc/unittests/testodbc.c:259:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(guid, "1234abcd-abcd-abcd-abcd-123456789abc");
data/freetds-1.2.3/src/odbc/unittests/testodbc.c:284:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(guid, "1234abcd-abcd-abcd-abcd-123456789abc");
data/freetds-1.2.3/src/odbc/unittests/testodbc.c:347:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(guid, "87654321-4321-4321-4321-123456789abc");
data/freetds-1.2.3/src/odbc/unittests/timeout3.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/freetds-1.2.3/src/odbc/unittests/timeout3.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conn[128];
data/freetds-1.2.3/src/odbc/unittests/timeout3.c:159:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("odbcinst.ini", "w");
data/freetds-1.2.3/src/odbc/unittests/timeout3.c:190:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(conn, "DRIVER=FreeTDS;SERVER=127.0.0.1;Port=%d;TDS_Version=7.0;UID=test;PWD=test;DATABASE=tempdb;", port);
data/freetds-1.2.3/src/odbc/unittests/transaction.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char createProcedure[512];
data/freetds-1.2.3/src/odbc/unittests/transaction2.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/freetds-1.2.3/src/odbc/unittests/transaction2.c:186:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "dirty %d non repeatable %d phantom %d", dirty, repeatable, phantom);
data/freetds-1.2.3/src/odbc/unittests/type.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/freetds-1.2.3/src/odbc/unittests/typeinfo.c:8:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/odbc/unittests/typeinfo.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128], params[128];
data/freetds-1.2.3/src/odbc/unittests/utf8.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[1024*3];
data/freetds-1.2.3/src/odbc/unittests/utf8_2.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/freetds-1.2.3/src/odbc/unittests/utf8_2.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[TDS_VECTOR_SIZE(column_names)][32];
data/freetds-1.2.3/src/odbc/unittests/utf8_3.c:10:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[30];
data/freetds-1.2.3/src/odbc/unittests/wchar.c:8:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[102];
data/freetds-1.2.3/src/odbc/winlogin.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH];
data/freetds-1.2.3/src/odbc/winlogin.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/freetds-1.2.3/src/odbc/winsetup.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char odbcini[FILENAME_MAX];
data/freetds-1.2.3/src/odbc/winsetup.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/freetds-1.2.3/src/odbc/winsetup.c:151:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(odbcini, "odbc.ini");
data/freetds-1.2.3/src/odbc/winsetup.c:157:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", di->login->port);
data/freetds-1.2.3/src/odbc/winsetup.c:160:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d.%d", TDS_MAJOR(di->login), TDS_MINOR(di->login));
data/freetds-1.2.3/src/odbc/winsetup.c:163:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", di->login->text_size);
data/freetds-1.2.3/src/odbc/winsetup.c:166:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", di->login->block_size);
data/freetds-1.2.3/src/odbc/winsetup.c:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/freetds-1.2.3/src/odbc/winsetup.c:233:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "TDS %d.%d", TDS_MAJOR(di->login), TDS_MINOR(di->login));
data/freetds-1.2.3/src/odbc/winsetup.c:236:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%u", di->login->port);
data/freetds-1.2.3/src/odbc/winsetup.c:267:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
di->login->port = atoi(tmp);
data/freetds-1.2.3/src/odbc/winsetup.c:323:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/freetds-1.2.3/src/pool/config.c:92:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(path, "r");
data/freetds-1.2.3/src/pool/main.c:258:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(logfile_name, O_WRONLY|O_CREAT|O_APPEND, 0644);
data/freetds-1.2.3/src/pool/main.c:369:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/freetds-1.2.3/src/pool/member.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[MAXHOSTNAMELEN];
data/freetds-1.2.3/src/pool/user.c:337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/freetds-1.2.3/src/pool/user.c:338:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[32];
data/freetds-1.2.3/src/pool/user.c:374:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "SET ANSI_DEFAULTS OFF\nSET CONCAT_NULL_YIELDS_NULL OFF\n");
data/freetds-1.2.3/src/pool/user.c:376:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "USE ");
data/freetds-1.2.3/src/pool/user.c:429:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(block, "%d", tds->conn->env.block_size);
data/freetds-1.2.3/src/replacements/daemon.c:117:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_null = open("/dev/null", O_RDWR);
data/freetds-1.2.3/src/replacements/getaddrinfo.c:80:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(he2, he, sizeof(struct hostent));
data/freetds-1.2.3/src/replacements/getaddrinfo.c:101:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, he->h_addr_list[i], he->h_length);
data/freetds-1.2.3/src/replacements/getaddrinfo.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, he->h_name, n);
data/freetds-1.2.3/src/replacements/getaddrinfo.c:137:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, he->h_aliases[i], len);
data/freetds-1.2.3/src/replacements/getaddrinfo.c:213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/freetds-1.2.3/src/replacements/getaddrinfo.c:238:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(service);
data/freetds-1.2.3/src/replacements/iconv.c:349:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char encodings[2];
data/freetds-1.2.3/src/replacements/iconv.c:436:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ob, ib, copybytes);
data/freetds-1.2.3/src/replacements/readpassphrase.c:119:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(input = output = open(_PATH_TTY, O_RDWR)) == -1) {
data/freetds-1.2.3/src/replacements/readpassphrase.c:220:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[_PASSWORD_LEN + 1];
data/freetds-1.2.3/src/replacements/strlcat.c:39:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest + dest_len, src, len - dest_len);
data/freetds-1.2.3/src/replacements/strlcat.c:43:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest + dest_len, src, src_len + 1);
data/freetds-1.2.3/src/replacements/strlcpy.c:37:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, len);
data/freetds-1.2.3/src/replacements/strlcpy.c:40:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, l + 1);
data/freetds-1.2.3/src/replacements/unittests/strings.c:72:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "xyz");
data/freetds-1.2.3/src/replacements/unittests/strings.c:76:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "xyz");
data/freetds-1.2.3/src/replacements/unittests/strings.c:80:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "xyz");
data/freetds-1.2.3/src/replacements/unittests/strings.c:84:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "xyz");
data/freetds-1.2.3/src/replacements/unittests/strings.c:88:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "123456789");
data/freetds-1.2.3/src/replacements/unittests/strings.c:95:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "123");
data/freetds-1.2.3/src/replacements/vasprintf.c:110:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(_PATH_DEVNULL, "w")) == NULL)
data/freetds-1.2.3/src/replacements/vasprintf.c:113:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp == NULL) && ((fp = fopen(_PATH_DEVNULL, "w")) == NULL))
data/freetds-1.2.3/src/server/login.c:163:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
login->block_size = atoi(tds_dstr_cstr(&blockstr));
data/freetds-1.2.3/src/server/unittest.c:52:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc < 2 || atoi(argv[1]) <= 0) {
data/freetds-1.2.3/src/server/unittest.c:58:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tds = tds_listen(ctx, atoi(argv[1]));
data/freetds-1.2.3/src/tds/bulk.c:162:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curcol->column_collation, resinfo->columns[i]->column_collation, 5);
data/freetds-1.2.3/src/tds/bulk.c:219:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char column_type[40];
data/freetds-1.2.3/src/tds/bulk.c:249:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(clause->pb, ", ");
data/freetds-1.2.3/src/tds/bulk.c:273:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clause_buffer[4096] = { 0 };
data/freetds-1.2.3/src/tds/bulk.c:525:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rowbuffer[row_pos], num->array, cpbytes);
data/freetds-1.2.3/src/tds/bulk.c:540:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rowbuffer[row_pos], bcpcol->bcp_column_data->data, cpbytes);
data/freetds-1.2.3/src/tds/bulk.c:633:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rowbuffer[row_pos], num->array, cpbytes);
data/freetds-1.2.3/src/tds/bulk.c:637:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rowbuffer[row_pos], bcpcol->bcp_column_data->data, cpbytes);
data/freetds-1.2.3/src/tds/bulk.c:1064:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r.left + term_len, terminator, term_len);
data/freetds-1.2.3/src/tds/bulk.c:1065:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r.left + term_len*2u, terminator, term_len);
data/freetds-1.2.3/src/tds/challenge.c:66:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lm_resp[24];
data/freetds-1.2.3/src/tds/challenge.c:67:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nt_resp[24];
data/freetds-1.2.3/src/tds/challenge.c:115:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, s, len);
data/freetds-1.2.3/src/tds/challenge.c:132:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
make_ntlm_hash(TDSSOCKET * tds, const char *passwd, unsigned char ntlm_hash[16])
data/freetds-1.2.3/src/tds/challenge.c:132:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
make_ntlm_hash(TDSSOCKET * tds, const char *passwd, unsigned char ntlm_hash[16])
data/freetds-1.2.3/src/tds/challenge.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd_usc2le[256];
data/freetds-1.2.3/src/tds/challenge.c:163:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
make_ntlm_v2_hash(TDSSOCKET * tds, const char *passwd, unsigned char ntlm_v2_hash[16])
data/freetds-1.2.3/src/tds/challenge.c:163:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
make_ntlm_v2_hash(TDSSOCKET * tds, const char *passwd, unsigned char ntlm_v2_hash[16])
data/freetds-1.2.3/src/tds/challenge.c:169:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ntlm_hash[16];
data/freetds-1.2.3/src/tds/challenge.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/freetds-1.2.3/src/tds/challenge.c:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_usc2le[512];
data/freetds-1.2.3/src/tds/challenge.c:187:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, user_name, user_name_len);
data/freetds-1.2.3/src/tds/challenge.c:221:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char *
data/freetds-1.2.3/src/tds/challenge.c:222:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
make_lm_v2_response(const unsigned char ntlm_v2_hash[16],
data/freetds-1.2.3/src/tds/challenge.c:223:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char *client_data, int client_data_len, const unsigned char challenge[8])
data/freetds-1.2.3/src/tds/challenge.c:223:77: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char *client_data, int client_data_len, const unsigned char challenge[8])
data/freetds-1.2.3/src/tds/challenge.c:232:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac + 8, challenge, 8);
data/freetds-1.2.3/src/tds/challenge.c:233:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac + 16, client_data, client_data_len);
data/freetds-1.2.3/src/tds/challenge.c:251:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ntlm_v2_hash[16];
data/freetds-1.2.3/src/tds/challenge.c:267:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(answer->lm_resp, lm_v2_response, 24);
data/freetds-1.2.3/src/tds/challenge.c:300:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[24], ntlm2_challenge[16];
data/freetds-1.2.3/src/tds/challenge.c:314:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(answer->lm_resp, hash, 24);
data/freetds-1.2.3/src/tds/challenge.c:325:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char passwd_buf[MAX_PW_SZ];
data/freetds-1.2.3/src/tds/challenge.c:627:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[8];
data/freetds-1.2.3/src/tds/challenge.c:761:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet, ntlm_id, 8);
data/freetds-1.2.3/src/tds/challenge.c:786:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet + 40, tds_dstr_cstr(&tds->login->client_host_name), host_name_len);
data/freetds-1.2.3/src/tds/challenge.c:787:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet + 40 + host_name_len, domain, domain_len);
data/freetds-1.2.3/src/tds/config.c:216:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/freetds-1.2.3/src/tds/config.c:300:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((in = fopen(path, "r")) == NULL) {
data/freetds-1.2.3/src/tds/config.c:436:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[7];
data/freetds-1.2.3/src/tds/config.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256], *value;
data/freetds-1.2.3/src/tds/config.c:603:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int val = atoi(value);
data/freetds-1.2.3/src/tds/config.c:623:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(value))
data/freetds-1.2.3/src/tds/config.c:624:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
login->query_timeout = atoi(value);
data/freetds-1.2.3/src/tds/config.c:626:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(value))
data/freetds-1.2.3/src/tds/config.c:627:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
login->connect_timeout = atoi(value);
data/freetds-1.2.3/src/tds/config.c:629:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/freetds-1.2.3/src/tds/config.c:643:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(value))
data/freetds-1.2.3/src/tds/config.c:644:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
login->port = atoi(value);
data/freetds-1.2.3/src/tds/config.c:649:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(value))
data/freetds-1.2.3/src/tds/config.c:650:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
login->text_size = atoi(value);
data/freetds-1.2.3/src/tds/config.c:867:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/freetds-1.2.3/src/tds/config.c:905:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[6];
data/freetds-1.2.3/src/tds/config.c:1032:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int num = atoi(portname);
data/freetds-1.2.3/src/tds/config.c:1071:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[255];
data/freetds-1.2.3/src/tds/config.c:1072:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_ip[sizeof(line)];
data/freetds-1.2.3/src/tds/config.c:1073:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_port[sizeof(line)];
data/freetds-1.2.3/src/tds/config.c:1074:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_ver[sizeof(line)];
data/freetds-1.2.3/src/tds/config.c:1110:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((in = fopen(pathname, "r")) == NULL) {
data/freetds-1.2.3/src/tds/config.c:1138:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_port, "%d", hex2num(&field[6]) * 256 + hex2num(&field[8]));
data/freetds-1.2.3/src/tds/config.c:1139:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_ip, "%d.%d.%d.%d", hex2num(&field[10]),
data/freetds-1.2.3/src/tds/config.c:1316:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
login->port = connection->port = atoi(pSep + 1);
data/freetds-1.2.3/src/tds/convert.c:168:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr->c, s, len + 1);
data/freetds-1.2.3/src/tds/convert.c:170:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr->cc.c, s, len < cr->cc.len ? len : cr->cc.len);
data/freetds-1.2.3/src/tds/convert.c:184:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr->ib, data, len);
data/freetds-1.2.3/src/tds/convert.c:186:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr->cb.ib, data, len < cr->cb.len ? len : cr->cb.len);
data/freetds-1.2.3/src/tds/convert.c:267:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr, src, srclen);
data/freetds-1.2.3/src/tds/convert.c:336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mynumber[28];
data/freetds-1.2.3/src/tds/convert.c:348:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr->cc.c, src, srclen < cr->cc.len ? srclen : cr->cc.len);
data/freetds-1.2.3/src/tds/convert.c:354:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cr->c, src, srclen);
data/freetds-1.2.3/src/tds/convert.c:624:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str, "%d", num);
data/freetds-1.2.3/src/tds/convert.c:865:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[MAXPRECISION];
data/freetds-1.2.3/src/tds/convert.c:1045:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[33];
data/freetds-1.2.3/src/tds/convert.c:1071:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%u.%02u", dollars / 100u, dollars % 100u);
data/freetds-1.2.3/src/tds/convert.c:1073:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%u.%04u", dollars / 10000u, dollars % 10000u);
data/freetds-1.2.3/src/tds/convert.c:1165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[64];
data/freetds-1.2.3/src/tds/convert.c:1264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char whole_date_string[64];
data/freetds-1.2.3/src/tds/convert.c:1333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char whole_date_string[64];
data/freetds-1.2.3/src/tds/convert.c:1501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[128];
data/freetds-1.2.3/src/tds/convert.c:1510:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str, "%.9g", the_value);
data/freetds-1.2.3/src/tds/convert.c:1589:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str, "%.*f", cr->n.scale, the_value);
data/freetds-1.2.3/src/tds/convert.c:1613:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[25];
data/freetds-1.2.3/src/tds/convert.c:1615:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&the_value, src, 8);
data/freetds-1.2.3/src/tds/convert.c:1619:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str, "%.17g", the_value);
data/freetds-1.2.3/src/tds/convert.c:1695:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_str, "%.*f", cr->n.scale, the_value);
data/freetds-1.2.3/src/tds/convert.c:1717:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[37];
data/freetds-1.2.3/src/tds/convert.c:1722:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X",
data/freetds-1.2.3/src/tds/convert.c:1732:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(cr->u), src, sizeof(TDS_UNIQUE));
data/freetds-1.2.3/src/tds/convert.c:2000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_token[32];
data/freetds-1.2.3/src/tds/convert.c:2052:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
store_year(atoi(tok), &t);
data/freetds-1.2.3/src/tds/convert.c:2124:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
store_year(atoi(tok), &t);
data/freetds-1.2.3/src/tds/convert.c:2143:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
store_year(atoi(tok), &t);
data/freetds-1.2.3/src/tds/convert.c:2184:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
store_year(atoi(tok), &t);
data/freetds-1.2.3/src/tds/convert.c:2268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mynumber[(MAXPRECISION + 7) / 8 * 8 + 8];
data/freetds-1.2.3/src/tds/convert.c:2315:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, instr, digits);
data/freetds-1.2.3/src/tds/convert.c:2322:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, instr, decimals);
data/freetds-1.2.3/src/tds/convert.c:2430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month[4];
data/freetds-1.2.3/src/tds/convert.c:2588:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int mday = atoi(datestr);
data/freetds-1.2.3/src/tds/convert.c:2657:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dd[3];
data/freetds-1.2.3/src/tds/convert.c:2659:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mon[4];
data/freetds-1.2.3/src/tds/convert.c:2664:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mday = atoi(dd);
data/freetds-1.2.3/src/tds/convert.c:2679:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi(&datestr[7]);
data/freetds-1.2.3/src/tds/convert.c:2691:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi(&datestr[5]);
data/freetds-1.2.3/src/tds/convert.c:2776:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wholedate = atoi(datestr);
data/freetds-1.2.3/src/tds/convert.c:2886:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hours = atoi(hour);
data/freetds-1.2.3/src/tds/convert.c:3019:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[12];
data/freetds-1.2.3/src/tds/convert.c:3020:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%07d", dr->decimicrosecond);
data/freetds-1.2.3/src/tds/convert.c:3021:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pz, buf, prec);
data/freetds-1.2.3/src/tds/convert.c:3449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[128];
data/freetds-1.2.3/src/tds/convert.c:3464:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpstr, src, srclen);
data/freetds-1.2.3/src/tds/data.c:286:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curcol->column_collation, conn->collation, sizeof(conn->collation));
data/freetds-1.2.3/src/tds/data.c:1047:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/freetds-1.2.3/src/tds/data.c:1052:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s, colsize);
data/freetds-1.2.3/src/tds/data.c:1110:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/freetds-1.2.3/src/tds/data.c:1115:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s, colsize);
data/freetds-1.2.3/src/tds/data.c:1343:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[12], *p;
data/freetds-1.2.3/src/tds/getmac.c:45:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tds_getmac(TDS_SYS_SOCKET s, unsigned char mac[6])
data/freetds-1.2.3/src/tds/getmac.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/freetds-1.2.3/src/tds/getmac.c:68:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac, ifr.ifr_hwaddr.sa_data, 6);
data/freetds-1.2.3/src/tds/iconv.c:69:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *iconv_names[TDS_VECTOR_SIZE(canonic_charsets)];
data/freetds-1.2.3/src/tds/iconv.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[15];
data/freetds-1.2.3/src/tds/iconv.c:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ib[1];
data/freetds-1.2.3/src/tds/iconv.c:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ob[4];
data/freetds-1.2.3/src/tds/iconv.c:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ob[16];
data/freetds-1.2.3/src/tds/iconv.c:215:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pib = (ICONV_CONST char *) test_strings[from].data;
data/freetds-1.2.3/src/tds/iconv.c:638:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*outbuf, *inbuf, len);
data/freetds-1.2.3/src/tds/iconv.c:867:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ib[16];
data/freetds-1.2.3/src/tds/iconv.c:868:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ob[16];
data/freetds-1.2.3/src/tds/iconv.c:915:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ib + l, *input, il);
data/freetds-1.2.3/src/tds/locale.c:63:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(FREETDS_LOCALECONFFILE, "r");
data/freetds-1.2.3/src/tds/locale.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/freetds-1.2.3/src/tds/log.c:150:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if (NULL == (g_dumpfile = fopen(filename, "w"))) {
data/freetds-1.2.3/src/tds/log.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char today[64];
data/freetds-1.2.3/src/tds/log.c:185:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(g_dump_filename, "a");
data/freetds-1.2.3/src/tds/log.c:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128], *pbuf;
data/freetds-1.2.3/src/tds/log.c:221:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pbuf += sprintf(pbuf, "%d", (int) getpid());
data/freetds-1.2.3/src/tds/log.c:263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buf[BYTES_PER_LINE * 8 + 16], *p;
data/freetds-1.2.3/src/tds/log.c:297:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%04x", ((unsigned int) i) & 0xffffu);
data/freetds-1.2.3/src/tds/log.c:308:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, " ");
data/freetds-1.2.3/src/tds/log.c:310:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%02x", data[i + j]);
data/freetds-1.2.3/src/tds/log.c:316:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, " |");
data/freetds-1.2.3/src/tds/log.c:324:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%c", (isprint(data[j])) ? data[j] : '.');
data/freetds-1.2.3/src/tds/log.c:326:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "|\n");
data/freetds-1.2.3/src/tds/log.c:429:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, col->column_data, col->column_cur_size);
data/freetds-1.2.3/src/tds/login.c:362:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "set textsize %d ", login->text_size);
data/freetds-1.2.3/src/tds/login.c:365:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "select @@spid ");
data/freetds-1.2.3/src/tds/login.c:372:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(str, "use ");
data/freetds-1.2.3/src/tds/login.c:687:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char protocol_version[4];
data/freetds-1.2.3/src/tds/login.c:688:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char program_version[4];
data/freetds-1.2.3/src/tds/login.c:693:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blockstr[16];
data/freetds-1.2.3/src/tds/login.c:735:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(protocol_version, "\004\002\000\000", 4);
data/freetds-1.2.3/src/tds/login.c:736:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(program_version, "\004\002\000\000", 4);
data/freetds-1.2.3/src/tds/login.c:738:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(protocol_version, "\004\006\000\000", 4);
data/freetds-1.2.3/src/tds/login.c:739:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(program_version, "\004\002\000\000", 4);
data/freetds-1.2.3/src/tds/login.c:741:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(protocol_version, "\005\000\000\000", 4);
data/freetds-1.2.3/src/tds/login.c:742:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(program_version, "\005\000\000\000", 4);
data/freetds-1.2.3/src/tds/login.c:761:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(blockstr, "%d", (int) getpid());
data/freetds-1.2.3/src/tds/login.c:821:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(blockstr, "%d", login->block_size);
data/freetds-1.2.3/src/tds/login.c:823:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(blockstr, "512");
data/freetds-1.2.3/src/tds/login.c:879:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hwaddr[6];
data/freetds-1.2.3/src/tds/mem.c:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_id[30];
data/freetds-1.2.3/src/tds/mem.c:802:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[128];
data/freetds-1.2.3/src/tds/mem.c:835:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (encoding && atoi(encoding) > 0) {
data/freetds-1.2.3/src/tds/mem.c:888:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor->cursor_name, name, namelen);
data/freetds-1.2.3/src/tds/mem.c:891:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cursor->query, query, querylen);
data/freetds-1.2.3/src/tds/mem.c:1075:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->buf, buf, len);
data/freetds-1.2.3/src/tds/mem.c:1803:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, "S00", 3);
data/freetds-1.2.3/src/tds/net.c:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[128];
data/freetds-1.2.3/src/tds/net.c:859:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char to_cancel[16];
data/freetds-1.2.3/src/tds/net.c:1099:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[16*1024];
data/freetds-1.2.3/src/tds/net.c:1102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[128];
data/freetds-1.2.3/src/tds/net.c:1174:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, sep[2] = ";", *save;
data/freetds-1.2.3/src/tds/net.c:1235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/freetds-1.2.3/src/tds/net.c:1238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[128];
data/freetds-1.2.3/src/tds/num_limits.h:3:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char limit_indexes[79]= {
data/freetds-1.2.3/src/tds/numeric.c:84:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%" PRIu64 ".%02u", n / 100u, (unsigned) (n % 100u));
data/freetds-1.2.3/src/tds/numeric.c:86:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%" PRIu64 ".%04u", n / 10000u, (unsigned) (n % 10000u));
data/freetds-1.2.3/src/tds/packet.c:300:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->buf, mars, start);
data/freetds-1.2.3/src/tds/packet.c:301:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->buf + start, buf, len);
data/freetds-1.2.3/src/tds/packet.c:318:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/freetds-1.2.3/src/tds/packet.c:765:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt_next->buf + tds_packet_get_data_start(pkt_next) + 8, tds->out_buf + tds->out_buf_max, left);
data/freetds-1.2.3/src/tds/packet.c:800:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tds->out_buf + 8, tds->out_buf + tds->out_buf_max, left);
data/freetds-1.2.3/src/tds/packet.c:817:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out_buf[8];
data/freetds-1.2.3/src/tds/query.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[sizeof(s)*2-2]; \
data/freetds-1.2.3/src/tds/query.c:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colname[32];
data/freetds-1.2.3/src/tds/query.c:250:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + pos, s, len);
data/freetds-1.2.3/src/tds/query.c:254:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(out + pos, "@P%d", i + 1);
data/freetds-1.2.3/src/tds/query.c:257:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(colname, "@P%d", i + 1);
data/freetds-1.2.3/src/tds/query.c:905:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char declaration[128], *p;
data/freetds-1.2.3/src/tds/query.c:935:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "@P%d ", i+1);
data/freetds-1.2.3/src/tds/query.c:937:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "varchar(4000)");
data/freetds-1.2.3/src/tds/query.c:966:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char declaration[40];
data/freetds-1.2.3/src/tds/query.c:1069:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[24];
data/freetds-1.2.3/src/tds/query.c:1102:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "@P%d", i);
data/freetds-1.2.3/src/tds/query.c:1879:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/freetds-1.2.3/src/tds/query.c:1890:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " DECLARE @P%d ", n);
data/freetds-1.2.3/src/tds/query.c:1892:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + strlen(buf), " SET @P%d=", n);
data/freetds-1.2.3/src/tds/query.c:1911:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "@P%d OUTPUT", n);
data/freetds-1.2.3/src/tds/query.c:2199:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, id, len);
data/freetds-1.2.3/src/tds/query.c:2600:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char mssql_fetch[7] = {
data/freetds-1.2.3/src/tds/query.c:3081:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/tds/query.c:3101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/freetds-1.2.3/src/tds/query.c:3198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/tds/query.c:3391:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[128];
data/freetds-1.2.3/src/tds/query.c:3422:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datefmt[4];
data/freetds-1.2.3/src/tds/query.c:3429:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmd, "SET ARITHABORT ON");
data/freetds-1.2.3/src/tds/query.c:3432:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmd, "SET ARITHABORT OFF");
data/freetds-1.2.3/src/tds/query.c:3435:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmd, "SET ARITHIGNORE ON");
data/freetds-1.2.3/src/tds/query.c:3438:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmd, "SET ARITHIGNORE OFF");
data/freetds-1.2.3/src/tds/query.c:3456:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "SET DATEFIRST %d", param->ti);
data/freetds-1.2.3/src/tds/query.c:3460:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case TDS_OPT_FMTDMY: strcpy(datefmt,"dmy"); break;
data/freetds-1.2.3/src/tds/query.c:3461:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case TDS_OPT_FMTDYM: strcpy(datefmt,"dym"); break;
data/freetds-1.2.3/src/tds/query.c:3462:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case TDS_OPT_FMTMDY: strcpy(datefmt,"mdy"); break;
data/freetds-1.2.3/src/tds/query.c:3463:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case TDS_OPT_FMTMYD: strcpy(datefmt,"myd"); break;
data/freetds-1.2.3/src/tds/query.c:3464:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case TDS_OPT_FMTYDM: strcpy(datefmt,"ydm"); break;
data/freetds-1.2.3/src/tds/query.c:3465:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case TDS_OPT_FMTYMD: strcpy(datefmt,"ymd"); break;
data/freetds-1.2.3/src/tds/query.c:3470:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "SET TEXTSIZE %d", (int) param->i);
data/freetds-1.2.3/src/tds/query.c:3514:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmd, "SELECT @@options");
data/freetds-1.2.3/src/tds/query.c:3517:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmd, "SELECT @@datefirst");
data/freetds-1.2.3/src/tds/query.c:3520:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmd, "SELECT DATEPART(dy,'01/02/03')");
data/freetds-1.2.3/src/tds/query.c:3523:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmd, "SELECT @@textsize");
data/freetds-1.2.3/src/tds/random.c:52:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, p, len);
data/freetds-1.2.3/src/tds/read.c:239:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) dest, tds->in_buf + tds->in_pos, have);
data/freetds-1.2.3/src/tds/read.c:249:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) dest, tds->in_buf + tds->in_pos, need);
data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h:227:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seed, mask, mask_len);
data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h:265:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(em.all+(key_size - length), message, length);
data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h:307:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char der_buf[2048];
data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h:318:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, nonce, nonce_len);
data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h:319:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message + nonce_len, pwd, pwd_len);
data/freetds-1.2.3/src/tds/sec_negotiate_openssl.h:77:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message, nonce, nonce_len);
data/freetds-1.2.3/src/tds/sec_negotiate_openssl.h:78:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message + nonce_len, pwd, pwd_len);
data/freetds-1.2.3/src/tds/stream.c:55:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
# define TEMP_INIT(s) char temp[s]
data/freetds-1.2.3/src/tds/stream.c:273:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, s->buffer, cp);
data/freetds-1.2.3/src/tds/tds_types.h:709:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *const tds_type_names[256] = {
data/freetds-1.2.3/src/tds/tls.c:137:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, tds->in_buf + tds->in_pos, len);
data/freetds-1.2.3/src/tds/tls.c:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[16];
data/freetds-1.2.3/src/tds/tls.c:384:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/freetds-1.2.3/src/tds/tls.c:396:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("cert.dat", "wb");
data/freetds-1.2.3/src/tds/token.c:292:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct { unsigned char major, minor, tiny[2];
data/freetds-1.2.3/src/tds/token.c:1116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *partials[4], *p;
data/freetds-1.2.3/src/tds/token.c:1614:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char dashes[31] = "------------------------------";
data/freetds-1.2.3/src/tds/token.c:2283:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_block_size = atoi(newval);
data/freetds-1.2.3/src/tds/token.c:2608:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[TDS_MAX_DYNID_LEN + 1];
data/freetds-1.2.3/src/tds/unittests/allcolumns.c:279:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curcol->column_data, cr.c, result);
data/freetds-1.2.3/src/tds/unittests/allcolumns.c:281:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curcol->column_data, &cr.i, result);
data/freetds-1.2.3/src/tds/unittests/allcolumns.c:314:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, basecol->column_data, v->data_len);
data/freetds-1.2.3/src/tds/unittests/charconv.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4096+80];
data/freetds-1.2.3/src/tds/unittests/charconv.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf_out[4096+80];
data/freetds-1.2.3/src/tds/unittests/charconv.c:69:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in, from, from_len);
data/freetds-1.2.3/src/tds/unittests/charconv.c:75:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, out, *dest_len - w.stream.buf_len);
data/freetds-1.2.3/src/tds/unittests/collations.c:48:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dig[16];
data/freetds-1.2.3/src/tds/unittests/collations.c:87:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(digest + i * 2, "%02x", dig[i]);
data/freetds-1.2.3/src/tds/unittests/collations.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[512];
data/freetds-1.2.3/src/tds/unittests/collations.c:98:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char old_digest[33];
data/freetds-1.2.3/src/tds/unittests/collations.c:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_digest, digest, 33);
data/freetds-1.2.3/src/tds/unittests/collations.c:161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&old_coll, coll, sizeof(*coll));
data/freetds-1.2.3/src/tds/unittests/collations.c:167:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("collations.txt", "r");
data/freetds-1.2.3/src/tds/unittests/collations.c:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/freetds-1.2.3/src/tds/unittests/collations.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cp[128], digest[33];
data/freetds-1.2.3/src/tds/unittests/collations.c:193:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[CHUNK * 4+1];
data/freetds-1.2.3/src/tds/unittests/collations.c:200:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + cnt * 4, "%02x%02x", n & 0xff, (n >> 8) & 0xff);
data/freetds-1.2.3/src/tds/unittests/collations.c:261:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("collations.txt", "w");
data/freetds-1.2.3/src/tds/unittests/collations.c:294:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(CHARSET, "UTF-8");
data/freetds-1.2.3/src/tds/unittests/common.c:5:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char USER[512];
data/freetds-1.2.3/src/tds/unittests/common.c:6:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SERVER[512];
data/freetds-1.2.3/src/tds/unittests/common.c:7:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PASSWORD[512];
data/freetds-1.2.3/src/tds/unittests/common.c:8:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DATABASE[512];
data/freetds-1.2.3/src/tds/unittests/common.c:10:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CHARSET[512] = "ISO-8859-1";
data/freetds-1.2.3/src/tds/unittests/common.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/freetds-1.2.3/src/tds/unittests/common.c:23:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(s1, "r");
data/freetds-1.2.3/src/tds/unittests/common.c:25:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen("../../../PWD", "r");
data/freetds-1.2.3/src/tds/unittests/common.h:25:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char PASSWORD[512];
data/freetds-1.2.3/src/tds/unittests/common.h:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char USER[512];
data/freetds-1.2.3/src/tds/unittests/common.h:27:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char SERVER[512];
data/freetds-1.2.3/src/tds/unittests/common.h:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char DATABASE[512];
data/freetds-1.2.3/src/tds/unittests/common.h:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char CHARSET[512];
data/freetds-1.2.3/src/tds/unittests/convert.c:92:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iterations = atoi(argv[1]);
data/freetds-1.2.3/src/tds/unittests/corrupt.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/freetds-1.2.3/src/tds/unittests/corrupt.c:71:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conv.buf, p, 2);
data/freetds-1.2.3/src/tds/unittests/corrupt.c:79:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conv.buf, p, 8);
data/freetds-1.2.3/src/tds/unittests/dataread.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/freetds-1.2.3/src/tds/unittests/declarations.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char declaration[128];
data/freetds-1.2.3/src/tds/unittests/dynamic1.c:49:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curcol->column_data, &n, sizeof(n));
data/freetds-1.2.3/src/tds/unittests/dynamic1.c:61:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curcol->column_data, s, len);
data/freetds-1.2.3/src/tds/unittests/freeze.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->buf + buf->len, data, data_len);
data/freetds-1.2.3/src/tds/unittests/freeze.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/freetds-1.2.3/src/tds/unittests/freeze.c:395:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sock_buf[32];
data/freetds-1.2.3/src/tds/unittests/iconv_fread.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4096+80];
data/freetds-1.2.3/src/tds/unittests/iconv_fread.c:66:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(out_file, "w+b");
data/freetds-1.2.3/src/tds/unittests/numeric.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/tds/unittests/numeric.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[256];
data/freetds-1.2.3/src/tds/unittests/numeric.c:69:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "error");
data/freetds-1.2.3/src/tds/unittests/numeric.c:73:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(result, "error");
data/freetds-1.2.3/src/tds/unittests/portconf.c:27:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(in_file, "r");
data/freetds-1.2.3/src/tds/unittests/portconf.c:30:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(in_file, "r");
data/freetds-1.2.3/src/tds/unittests/readconf.c:64:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(in_file, "r");
data/freetds-1.2.3/src/tds/unittests/readconf.c:66:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("readconf.in", "r");
data/freetds-1.2.3/src/tds/unittests/t0002.c:27:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[256];
data/freetds-1.2.3/src/tds/unittests/t0002.c:36:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "%d", *(const int *) value);
data/freetds-1.2.3/src/tds/unittests/t0002.c:39:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "Unexpected column_type %d", type);
data/freetds-1.2.3/src/tds/unittests/t0004.c:25:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[256];
data/freetds-1.2.3/src/tds/unittests/t0004.c:48:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(long_query, "SELECT name FROM #longquerytest WHERE (");
data/freetds-1.2.3/src/tds/unittests/t0004.c:51:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(long_query, "name = 'correct')");
data/freetds-1.2.3/src/tds/unittests/t0005.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char large_sql[1000];
data/freetds-1.2.3/src/tds/unittests/t0005.c:104:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[256];
data/freetds-1.2.3/src/tds/unittests/t0005.c:113:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "%d", *(const int *) value);
data/freetds-1.2.3/src/tds/unittests/t0005.c:116:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(result, "Unexpected column_type %d", type);
data/freetds-1.2.3/src/tds/unittests/t0006.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql[256];
data/freetds-1.2.3/src/tds/unittests/t0006.c:92:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sql, "INSERT #test_table (id, val) VALUES (%d, %.8g)", i, sybreal[i]);
data/freetds-1.2.3/src/tds/unittests/t0006.c:161:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sql, "INSERT #test_table (id, val) VALUES (%d, %.15g)", i, sybflt8[i]);
data/freetds-1.2.3/src/tds/unittests/t0006.c:187:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&src_val, src, 8);
data/freetds-1.2.3/src/tds/unittests/t0007.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/tds/unittests/t0007.c:41:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, src, len);
data/freetds-1.2.3/src/tds/unittests/t0007.c:64:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "error");
data/freetds-1.2.3/src/tds/unittests/t0007.c:70:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", cr.ti);
data/freetds-1.2.3/src/tds/unittests/t0007.c:73:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", cr.si);
data/freetds-1.2.3/src/tds/unittests/t0007.c:76:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%u", cr.usi);
data/freetds-1.2.3/src/tds/unittests/t0007.c:79:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", cr.i);
data/freetds-1.2.3/src/tds/unittests/t0007.c:82:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%u", cr.ui);
data/freetds-1.2.3/src/tds/unittests/t0007.c:85:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%08x%08x", (unsigned int) ((cr.bi >> 32) & 0xfffffffflu), (unsigned int) (cr.bi & 0xfffffffflu));
data/freetds-1.2.3/src/tds/unittests/t0007.c:90:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%08x%08x", (unsigned int) ((cr.ubi >> 32) & 0xfffffffflu), (unsigned int) (cr.ubi & 0xfffffffflu));
data/freetds-1.2.3/src/tds/unittests/t0007.c:93:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%08X-%04X-%04X-%02X%02X%02X%02X"
data/freetds-1.2.3/src/tds/unittests/t0007.c:101:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "len=%d", res);
data/freetds-1.2.3/src/tds/unittests/t0007.c:103:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(buf, 0), " %02X", (TDS_UCHAR) cr.ib[i]);
data/freetds-1.2.3/src/tds/unittests/t0007.c:111:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld %ld", (long int) cr.dt.dtdays, (long int) cr.dt.dttime);
data/freetds-1.2.3/src/tds/unittests/t0007.c:114:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld", (long int) cr.date);
data/freetds-1.2.3/src/tds/unittests/t0007.c:117:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld", (long int) cr.time);
data/freetds-1.2.3/src/tds/unittests/t0007.c:390:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64], expected[64];
data/freetds-1.2.3/src/tds/unittests/t0007.c:407:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cr_src, &cr_dst, sizeof(cr_dst));
data/freetds-1.2.3/src/tds/unittests/t0008.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/tds/unittests/t0008.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[256];
data/freetds-1.2.3/src/tds/unittests/t0008.c:39:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result, " 00");
data/freetds-1.2.3/src/tds/unittests/t0008.c:40:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + strlen(intro) + 1, cont, strlen(cont));
data/freetds-1.2.3/src/tds/unittests/t0008.c:47:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "error");
data/freetds-1.2.3/src/tds/unittests/t0008.c:49:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "prec=%d scale=%d", cr.n.precision, cr.n.scale);
data/freetds-1.2.3/src/tds/unittests/t0008.c:51:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(buf, 0), " %02X", cr.n.array[i]);
data/freetds-1.2.3/src/tds/unittests/t0008.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char long_test[201];
data/freetds-1.2.3/src/tds/unittests/t0008.c:91:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(long_test, "1234567890");
data/freetds-1.2.3/src/tds/unittests/t0008.c:94:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(long_test, "1234.", 5);
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:188:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(CHARSET, "UTF-8");
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[32];
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:201:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "aaa");
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:204:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:216:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(type, "NVARCHAR(%d)", utf8_max_len);
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char test_name[128];
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024+128], tmp[1024];
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[32], suffix[32];
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:49:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(test_name, "test %d len %d", type, n);
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:57:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(suffix, "C280C290");
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:61:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(prefix, "C480C290");
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:62:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(suffix, "C480C290");
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:67:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(tmp, 0), "%02X", 0x30 + (i % 10));
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:119:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(suffix, "\x80\x90");
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:123:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(prefix, "?\x90");
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:124:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(suffix, "?\x90");
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:134:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(tmp, 0), "%c", "0123456789"[i % 10]);
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:212:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(CHARSET, "ISO8859-1");
data/freetds-1.2.3/src/tds/unittests/utf8_3.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[1024];
data/freetds-1.2.3/src/tds/unittests/utf8_3.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[129 * 3];
data/freetds-1.2.3/src/tds/unittests/utf8_3.c:120:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(CHARSET, "UTF-8");
data/freetds-1.2.3/src/tds/unittests/utf8_3.c:129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[129 * 8];
data/freetds-1.2.3/src/tds/unittests/utf8_3.c:135:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(buf, 0), "&#x%04x;", 0x4000 + i);
data/freetds-1.2.3/src/tds/util.c:417:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, s, len);
data/freetds-1.2.3/src/tds/write.c:77:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tds->out_buf + tds->out_pos, bufp, left);
data/freetds-1.2.3/src/utils/des.c:146:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char si[8][64] = {
data/freetds-1.2.3/src/utils/des.c:223:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char pbox[32] = {
data/freetds-1.2.3/src/utils/des.c:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pc1m[56]; /* place to modify pc1 into */
data/freetds-1.2.3/src/utils/des.c:291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcr[56]; /* place to rotate pc1 into */
data/freetds-1.2.3/src/utils/des.c:631:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&output[j * 8], &plain[j * 8], 8);
data/freetds-1.2.3/src/utils/getpassarg.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwd[256], *ptr, *q;
data/freetds-1.2.3/src/utils/hmac_md5.c:40:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void hmac_md5(const unsigned char key[16],
data/freetds-1.2.3/src/utils/hmac_md5.c:46:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k_ipad[64];
data/freetds-1.2.3/src/utils/hmac_md5.c:47:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k_opad[64];
data/freetds-1.2.3/src/utils/md4.c:101:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, len);
data/freetds-1.2.3/src/utils/md4.c:104:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, t);
data/freetds-1.2.3/src/utils/md4.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, 64);
data/freetds-1.2.3/src/utils/md4.c:122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, len);
data/freetds-1.2.3/src/utils/md4.c:169:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, ctx->buf, 16);
data/freetds-1.2.3/src/utils/md5.c:84:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, len);
data/freetds-1.2.3/src/utils/md5.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, t);
data/freetds-1.2.3/src/utils/md5.c:96:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, 64);
data/freetds-1.2.3/src/utils/md5.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, len);
data/freetds-1.2.3/src/utils/md5.c:151:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, ctx->buf, 16);
data/freetds-1.2.3/src/utils/tdsstring.c:88:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->dstr_s, src, length);
data/freetds-1.2.3/src/utils/threadsafe.c:94:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, tm, sizeof(*result));
data/freetds-1.2.3/src/utils/threadsafe.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usecs[10];
data/freetds-1.2.3/src/utils/threadsafe.c:129:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(usecs, ".%06lu", (long) tv.tv_usec);
data/freetds-1.2.3/src/utils/threadsafe.c:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/freetds-1.2.3/src/utils/threadsafe.c:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/freetds-1.2.3/src/utils/threadsafe.c:263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/freetds-1.2.3/src/utils/threadsafe.c:317:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH] = "";
data/freetds-1.2.3/src/utils/unittests/challenge.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char long_string[512];
data/freetds-1.2.3/src/utils/unittests/challenge.c:51:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%02x", *src++);
data/freetds-1.2.3/src/utils/unittests/challenge.c:60:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/freetds-1.2.3/src/utils/unittests/challenge.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_digest[34];
data/freetds-1.2.3/src/utils/unittests/challenge.c:95:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/freetds-1.2.3/src/utils/unittests/challenge.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_digest[34];
data/freetds-1.2.3/src/utils/unittests/challenge.c:127:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/freetds-1.2.3/src/utils/unittests/challenge.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_digest[34];
data/freetds-1.2.3/src/utils/unittests/challenge.c:152:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[128];
data/freetds-1.2.3/src/utils/unittests/challenge.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_digest[256];
data/freetds-1.2.3/src/utils/unittests/challenge.c:185:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(long_string, "test md4 12345");
data/freetds-1.2.3/src/utils/unittests/passarg.c:54:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("passarg.in", "w");
data/freetds-1.2.3/vms/edit.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vms_fnm[VMS_MAXRSS];
data/freetds-1.2.3/vms/getpass.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_fspec[MY_PASSWORD_LEN + 1];
data/freetds-1.2.3/vms/getpass.c:263:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char passbuf[MY_PASSWORD_LEN + 1];
data/freetds-1.2.3/vms/vmsarg_parse.c:72:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char command[S_LENGTH], value_template[S_LENGTH];
data/freetds-1.2.3/vms/vmsarg_parse.c:73:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qual_template[S_LENGTH];
data/freetds-1.2.3/vms/vmsarg_parse.c:75:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *vms_arg[MAX_ARGS];
data/freetds-1.2.3/vms/vmsarg_parse.c:76:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *unix_arg[MAX_ARGS];
data/freetds-1.2.3/vms/vmsarg_parse.c:77:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *unix_narg[MAX_ARGS];
data/freetds-1.2.3/vms/vmsarg_parse.c:78:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *vms_key[MAX_ARGS];
data/freetds-1.2.3/vms/vmsarg_parse.c:79:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *unix_key[MAX_ARGS];
data/freetds-1.2.3/vms/vmsarg_parse.c:80:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *separator[MAX_ARGS];
data/freetds-1.2.3/vms/vmsarg_parse.c:81:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pattern[MAX_ARGS];
data/freetds-1.2.3/vms/vmsarg_parse.c:83:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foreign_image[S_LENGTH];
data/freetds-1.2.3/vms/vmsarg_parse.c:86:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg_string[S_LENGTH], arg_element[S_LENGTH];
data/freetds-1.2.3/vms/vmsarg_parse.c:87:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char value[S_LENGTH];
data/freetds-1.2.3/vms/vmsarg_parse.c:94:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char command_args[S_LENGTH];
data/freetds-1.2.3/vms/vmsarg_parse.c:97:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *newargv[MAX_ARGS];
data/freetds-1.2.3/vms/vmsarg_parse.c:359:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[S_LENGTH];
data/freetds-1.2.3/vms/vmsarg_parse.c:388:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[S_LENGTH];
data/freetds-1.2.3/vms/vmsarg_parse.c:465:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date_text[30];
data/freetds-1.2.3/vms/vmsarg_parse.c:467:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char year_4[5], year_2[4], month_name[4];
data/freetds-1.2.3/vms/vmsarg_parse.c:468:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month_2[3], month_1[3], date_2[3], date_1[3];
data/freetds-1.2.3/vms/vmsarg_parse.c:469:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hour_2[3], hour_1[3], minute[3], second[3];
data/freetds-1.2.3/vms/vmsarg_parse.c:533:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(month_2, "%02d", i);
data/freetds-1.2.3/vms/vmsarg_parse.c:534:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(month_1, "%d", i);
data/freetds-1.2.3/vms/vmsarg_parse.c:674:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char quote_string[2];
data/freetds-1.2.3/include/freetds/odbc.h:710:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define sqlwcslen(s) wcslen(s)
data/freetds-1.2.3/include/freetds/stream.h:35:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct tds_input_stream *stream, void *ptr, size_t len);
data/freetds-1.2.3/include/freetds/sysdep_private.h:172:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
# define READSOCKET(s,b,l) read((s), (b), (l))
data/freetds-1.2.3/samples/debug.c:50:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(fd, buf, BUFSIZ)) > 0) {
data/freetds-1.2.3/src/apps/bsqldb.c:460:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (metadata[c].width < strlen(metadata[c].name))
data/freetds-1.2.3/src/apps/bsqldb.c:461:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
metadata[c].width = strlen(metadata[c].name);
data/freetds-1.2.3/src/apps/bsqldb.c:552:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (metacompute[i]->meta[c].width < strlen(metacompute[i]->meta[c].name))
data/freetds-1.2.3/src/apps/bsqldb.c:553:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
metacompute[i]->meta[c].width = strlen(metacompute[i]->meta[c].name);
data/freetds-1.2.3/src/apps/bsqldb.c:816:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(meta->format_string);
data/freetds-1.2.3/src/apps/bsqldb.c:825:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (width < strlen(meta->name))
data/freetds-1.2.3/src/apps/bsqldb.c:826:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen(meta->name);
data/freetds-1.2.3/src/apps/bsqldb.c:875:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, 1 + strlen(p+1));
data/freetds-1.2.3/src/apps/bsqldb.c:1055:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(password, 0, strlen(password));
data/freetds-1.2.3/src/apps/bsqldb.c:1101:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(srvname) > 0)
data/freetds-1.2.3/src/apps/bsqldb.c:1103:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(procname) > 0)
data/freetds-1.2.3/src/apps/bsqlodbc.c:383:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(query_line))
data/freetds-1.2.3/src/apps/bsqlodbc.c:385:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *) realloc(sql, 1 + (sql? strlen(sql) : 0) + strlen(query_line));
data/freetds-1.2.3/src/apps/bsqlodbc.c:385:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *) realloc(sql, 1 + (sql? strlen(sql) : 0) + strlen(query_line));
data/freetds-1.2.3/src/apps/bsqlodbc.c:582:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (metadata[c].width < strlen(metadata[c].name))
data/freetds-1.2.3/src/apps/bsqlodbc.c:583:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
metadata[c].width = strlen(metadata[c].name);
data/freetds-1.2.3/src/apps/bsqlodbc.c:699:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (width < strlen(meta->name))
data/freetds-1.2.3/src/apps/bsqlodbc.c:700:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen(meta->name);
data/freetds-1.2.3/src/apps/bsqlodbc.c:753:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, 1 + strlen(p+1));
data/freetds-1.2.3/src/apps/bsqlodbc.c:792:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(optarg, 0, strlen(optarg));
data/freetds-1.2.3/src/apps/datacopy.c:186:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(tok, '*', strlen(tok));
data/freetds-1.2.3/src/apps/datacopy.c:838:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(srvname) > 0)
data/freetds-1.2.3/src/apps/datacopy.c:840:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(procname) > 0)
data/freetds-1.2.3/src/apps/defncopy.c:532:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((i = fgetc(create_index)) != EOF) {
data/freetds-1.2.3/src/apps/defncopy.c:700:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(password, 0, strlen(password));
data/freetds-1.2.3/src/apps/defncopy.c:804:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(srvname) > 0)
data/freetds-1.2.3/src/apps/defncopy.c:806:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(procname) > 0)
data/freetds-1.2.3/src/apps/fisql/fisql.c:92:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(line + pos);
data/freetds-1.2.3/src/apps/fisql/fisql.c:211:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dbcolname(dbproc, col)) > collen) {
data/freetds-1.2.3/src/apps/fisql/fisql.c:212:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
collen = strlen(dbcolname(dbproc, col));
data/freetds-1.2.3/src/apps/fisql/fisql.c:285:13: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_mask = umask(077);
data/freetds-1.2.3/src/apps/fisql/fisql.c:287:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_mask);
data/freetds-1.2.3/src/apps/fisql/fisql.c:454:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
firstword[strlen(firstword)] = firstword_separator;
data/freetds-1.2.3/src/apps/fisql/fisql.c:613:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sybenv = (char *) xmalloc((strlen(optarg) + 8) * sizeof(char));
data/freetds-1.2.3/src/apps/fisql/fisql.c:695:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(password, 0, strlen(password));
data/freetds-1.2.3/src/apps/fisql/fisql.c:728:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dbsetopt(dbproc, DBPRLINESEP, lineseparator, strlen(lineseparator));
data/freetds-1.2.3/src/apps/fisql/fisql.c:730:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dbsetopt(dbproc, DBPRCOLSEP, colseparator, strlen(colseparator));
data/freetds-1.2.3/src/apps/fisql/fisql.c:810:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
collen -= strlen(opname);
data/freetds-1.2.3/src/apps/fisql/handlers.c:50:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(srvname) > 0) {
data/freetds-1.2.3/src/apps/fisql/handlers.c:53:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(procname) > 0) {
data/freetds-1.2.3/src/apps/freebcp.c:160:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, 1 + strlen(p+1));
data/freetds-1.2.3/src/apps/freebcp.c:418:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(pdata->pass, 0, strlen(pdata->pass));
data/freetds-1.2.3/src/apps/freebcp.c:759:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bcp_options(pdbproc, BCPHINTS, (BYTE *) pdata->hint, strlen(pdata->hint)) != SUCCEED) {
data/freetds-1.2.3/src/apps/freebcp.c:818:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(srvname) > 0)
data/freetds-1.2.3/src/apps/freebcp.c:820:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(procname) > 0)
data/freetds-1.2.3/src/apps/tsql.c:152:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(line + pos);
data/freetds-1.2.3/src/apps/tsql.c:364:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argv = tds_new0(char*, strlen(s) + 2);
data/freetds-1.2.3/src/apps/tsql.c:520:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *minus_flags = tds_new(char, strlen(opt_flags_str) + 5);
data/freetds-1.2.3/src/apps/tsql.c:615:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(password, 0, strlen(password));
data/freetds-1.2.3/src/apps/tsql.c:649:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (msg->proc_name && strlen(msg->proc_name))
data/freetds-1.2.3/src/apps/tsql.c:683:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (*buflen + strlen(s) + 2 > *bufsz) {
data/freetds-1.2.3/src/apps/tsql.c:691:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*buflen += strlen(*mybuf + *buflen);
data/freetds-1.2.3/src/apps/tsql.c:720:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(STDERR_FILENO, buf, strlen(buf));
data/freetds-1.2.3/src/apps/tsql.c:864:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncasecmp(s, "go", 2) && (strlen(s) == 2 || TDS_ISSPACE(s[2]))) {
data/freetds-1.2.3/src/apps/tsql.c:905:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (buflen + strlen(s) + 2 > bufsz) {
data/freetds-1.2.3/src/apps/tsql.c:915:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mybuf + buflen, "\n");
data/freetds-1.2.3/src/apps/tsql.c:916:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen += strlen(mybuf + buflen);
data/freetds-1.2.3/src/ctlib/blk.c:200:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
datafmt->namelen = strlen(datafmt->name);
data/freetds-1.2.3/src/ctlib/blk.c:327:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tnamelen = strlen(tablename);
data/freetds-1.2.3/src/ctlib/cs.c:419:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxcp = strlen((char*) buffer) + 1;
data/freetds-1.2.3/src/ctlib/cs.c:947:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen((char *)buffer);
data/freetds-1.2.3/src/ctlib/cs.c:960:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen((char *)buffer);
data/freetds-1.2.3/src/ctlib/cs.c:977:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(b);
data/freetds-1.2.3/src/ctlib/cs.c:1028:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = (locale->charset ? strlen(locale->charset) : 0) + 1;
data/freetds-1.2.3/src/ctlib/cs.c:1043:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = (locale->language ? strlen(locale->language) : 0) + 1;
data/freetds-1.2.3/src/ctlib/cs.c:1061:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = (locale->language ? strlen(locale->language) : 0) + 1;
data/freetds-1.2.3/src/ctlib/cs.c:1062:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = (locale->charset ? strlen(locale->charset) : 0) + 1;
data/freetds-1.2.3/src/ctlib/cs.c:1074:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat((char *)buffer, ".");
data/freetds-1.2.3/src/ctlib/cs.c:1076:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen((char *)buffer);
data/freetds-1.2.3/src/ctlib/cs.c:1084:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = (locale->collate ? strlen(locale->collate) : 0) + 1;
data/freetds-1.2.3/src/ctlib/ct.c:799:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query_len = strlen((const char *) buffer);
data/freetds-1.2.3/src/ctlib/ct.c:818:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_query_len = strlen(cmd->query);
data/freetds-1.2.3/src/ctlib/ct.c:820:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(cmd->query, (const char *) buffer, query_len);
data/freetds-1.2.3/src/ctlib/ct.c:2453:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
datafmt->namelen = strlen(datafmt->name);
data/freetds-1.2.3/src/ctlib/ct.c:2589:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*outlen = strlen((char*) buffer);
data/freetds-1.2.3/src/ctlib/ct.c:2609:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*outlen = strlen((char*) buffer);
data/freetds-1.2.3/src/ctlib/ct.c:2718:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(cursor->cursor_name);
data/freetds-1.2.3/src/ctlib/ct.c:2907:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd->iodesc->namelen = strlen(cmd->iodesc->name);
data/freetds-1.2.3/src/ctlib/ct.c:3283:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query_len = strlen(buffer);
data/freetds-1.2.3/src/ctlib/ct.c:3857:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cursor = tds_alloc_cursor(tds, name, namelen == CS_NULLTERM ? strlen(name) : namelen,
data/freetds-1.2.3/src/ctlib/ct.c:3858:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text, tlen == CS_NULLTERM ? strlen(text) : tlen);
data/freetds-1.2.3/src/ctlib/ct.c:4151:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp_datalen = strlen((const char*) temp_value);
data/freetds-1.2.3/src/ctlib/ct.c:4324:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned int) strlen((const char*) data));
data/freetds-1.2.3/src/ctlib/ct.c:4325:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(param->datalen) = strlen((const char*) data);
data/freetds-1.2.3/src/ctlib/ct.c:4687:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id_len = strlen(id);
data/freetds-1.2.3/src/ctlib/ct.c:4718:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id_len = strlen(id);
data/freetds-1.2.3/src/ctlib/ctutil.c:97:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errmsg.msgstringlen = strlen(errmsg.msgstring);
data/freetds-1.2.3/src/ctlib/ctutil.c:150:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errmsg.textlen = strlen(errmsg.text);
data/freetds-1.2.3/src/ctlib/ctutil.c:154:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errmsg.sqlstatelen = strlen((char *) errmsg.sqlstate);
data/freetds-1.2.3/src/ctlib/ctutil.c:159:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errmsg.svrnlen = strlen(msg->server);
data/freetds-1.2.3/src/ctlib/ctutil.c:163:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errmsg.proclen = strlen(msg->proc_name);
data/freetds-1.2.3/src/ctlib/unittests/common.c:52:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = path + strlen(path); --p > path && (*p == '/' || *p == '\\');)
data/freetds-1.2.3/src/ctlib/unittests/cs_config.c:53:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret_len != (strlen(string_in) + 1)) {
data/freetds-1.2.3/src/ctlib/unittests/cs_config.c:54:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("returned length >%d< not as expected >%u<\n", ret_len, (unsigned int) (strlen(string_in) + 1));
data/freetds-1.2.3/src/ctlib/unittests/cs_config.c:80:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret_len != (strlen(string_in) + 1)) {
data/freetds-1.2.3/src/ctlib/unittests/cs_config.c:81:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("returned length >%d< not as expected >%u<\n", ret_len, (unsigned int) (strlen(string_in) + 1));
data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c:211:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, CS_CHAR_TYPE, test, strlen(test), CS_MONEY4_TYPE, sizeof(test2), CS_SUCCEED, &test2, sizeof(test2));
data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c:214:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, CS_CHAR_TYPE, test, strlen(test), CS_MONEY4_TYPE, sizeof(test2), CS_SUCCEED, &test2, sizeof(test2));
data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c:217:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, CS_CHAR_TYPE, test, strlen(test), CS_MONEY4_TYPE, sizeof(test2), CS_SUCCEED, &test2, sizeof(test2));
data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c:220:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, CS_CHAR_TYPE, test, strlen(test), CS_MONEY4_TYPE, sizeof(test2), CS_FAIL, NULL, 0);
data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c:223:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, CS_CHAR_TYPE, test, strlen(test), CS_MONEY4_TYPE, sizeof(test2), CS_SUCCEED, &test2, sizeof(test2));
data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c:226:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, CS_CHAR_TYPE, test, strlen(test), CS_MONEY4_TYPE, sizeof(test2), CS_SUCCEED, &test2, sizeof(test2));
data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c:229:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, CS_CHAR_TYPE, test, strlen(test), CS_MONEY4_TYPE, sizeof(test2), CS_SUCCEED, &test2, sizeof(test2));
data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c:232:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, CS_CHAR_TYPE, test, strlen(test), CS_MONEY4_TYPE, sizeof(test2), CS_SUCCEED, &test2, sizeof(test2));
data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c:235:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, CS_CHAR_TYPE, test, strlen(test), CS_MONEY4_TYPE, sizeof(test2), CS_FAIL, NULL, 0);
data/freetds-1.2.3/src/ctlib/unittests/cs_convert.c:238:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, CS_CHAR_TYPE, test, strlen(test), CS_MONEY4_TYPE, sizeof(test2), CS_FAIL, NULL, 0);
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:124:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dummy_name2, "");
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:133:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srcfmt.maxlength = strlen(moneystring);
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:167:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ret = ct_command(cmd, CS_LANG_CMD, query, strlen(query),
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:192:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = ct_param(cmd, &datafmt, dummy_name, strlen(dummy_name), 0);
data/freetds-1.2.3/src/ctlib/unittests/lang_ct_param.c:207:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = ct_param(cmd, &datafmt, dummy_name2, strlen(dummy_name2), 0);
data/freetds-1.2.3/src/ctlib/unittests/row_count.c:208:10: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
assert(sscanf(results, "%30s %d %n", res, &rows, &pos) >= 2 && pos > 0);
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:129:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srcfmt.maxlength = strlen(moneystring);
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:625:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return MAX((CS_INT) (strlen(column->name) + 1), len);
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_param.c:641:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = disp_len - strlen(columns[i].name);
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:122:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srcfmt.maxlength = strlen(moneystring);
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:649:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return MAX((CS_INT) (strlen(column->name) + 1), len);
data/freetds-1.2.3/src/ctlib/unittests/rpc_ct_setparam.c:665:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = disp_len - strlen(columns[i].name);
data/freetds-1.2.3/src/ctlib/unittests/t0003.c:124:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (datalength != strlen(name) + 1) {
data/freetds-1.2.3/src/ctlib/unittests/t0003.c:125:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr, "Bad count:\n'%ld'\n! =\n'%d'\n", (long) strlen(name) + 1, count);
data/freetds-1.2.3/src/ctlib/unittests/t0007.c:155:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (datalength[0] != strlen(name[0]) + 1) {
data/freetds-1.2.3/src/ctlib/unittests/t0007.c:156:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr, "Bad length:\n'%ld'\n! =\n'%d'\n", (long) strlen(name[0]) + 1, datalength[0]);
data/freetds-1.2.3/src/ctlib/unittests/t0007.c:168:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (datalength[1] != strlen(name[1]) + 1) {
data/freetds-1.2.3/src/ctlib/unittests/t0007.c:169:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr, "Col 2 bad length:\n'%ld'\n! =\n'%d'\n", (long) strlen(name[1]) + 1, datalength[1]);
data/freetds-1.2.3/src/dblib/bcp.c:185:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tblname) > 92 && !IS_TDS7_PLUS(dbproc->tds_socket->conn)) { /* 30.30.30 */
data/freetds-1.2.3/src/dblib/bcp.c:642:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp((char *) value, hints[i], strlen(hints[i])) == 0) {
data/freetds-1.2.3/src/dblib/bcp.c:798:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy ((char *) (*p_data), " ");
data/freetds-1.2.3/src/dblib/bcp.c:2248:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
collen = (int) strlen((char *) dataptr);
data/freetds-1.2.3/src/dblib/dblib.c:302:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(oldval) == 1 && *oldval == 1)
data/freetds-1.2.3/src/dblib/dblib.c:776:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (TDS_MAX_LOGIN_STR_SZ < strlen(value_nonull)) {
data/freetds-1.2.3/src/dblib/dblib.c:1026:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*strp)->strtotlen = (DBINT)strlen(p);
data/freetds-1.2.3/src/dblib/dblib.c:1397:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_len = strlen(cmdstring);
data/freetds-1.2.3/src/dblib/dblib.c:1467:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[0] == '[' && name[strlen(name)-1] == ']')
data/freetds-1.2.3/src/dblib/dblib.c:2002:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
case NTBSTRINGBIND: bindlen = (int)strlen((char *) bindval);
data/freetds-1.2.3/src/dblib/dblib.c:2004:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
case STRINGBIND: bindlen = (int)strlen((char *) bindval);
data/freetds-1.2.3/src/dblib/dblib.c:2370:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = (int)strlen((const char *) src);
data/freetds-1.2.3/src/dblib/dblib.c:2397:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = (int)strlen((const char *) src);
data/freetds-1.2.3/src/dblib/dblib.c:3670:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < ((long) col_printlens[selcol - 1] - (long) strlen(opname)); i++) {
data/freetds-1.2.3/src/dblib/dblib.c:6404:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = (int)strlen(src);
data/freetds-1.2.3/src/dblib/dblib.c:7330:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
timestr[strlen(timestr) - 1] = '\0'; /* remove newline */
data/freetds-1.2.3/src/dblib/dblib.c:8172:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char * pformats = ptext + strlen(ptext) + 1;
data/freetds-1.2.3/src/dblib/dblib.c:8177:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int result_len, len = 2 * (int)strlen(ptext);
data/freetds-1.2.3/src/dblib/dbpivot.c:306:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(output, pcol->s, pcol->len);
data/freetds-1.2.3/src/dblib/dbpivot.c:359:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(*p);
data/freetds-1.2.3/src/dblib/dbpivot.c:362:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += 1 + argc * strlen(sep); /* allows one too many */
data/freetds-1.2.3/src/dblib/unittests/batch_stmt_ins_sel.c:65:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/batch_stmt_ins_upd.c:64:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/bcp.c:75:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bcp_bind( dbproc, (unsigned char *) &x, prefixlen, strlen(x), NULL, termlen, SYBVARCHAR, col++ )
data/freetds-1.2.3/src/dblib/unittests/bcp.c:195:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/cancel.c:43:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/canquery.c:44:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/colinfo.c:59:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/common.c:64:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = path + strlen(path); --p > path && (*p == '/' || *p == '\\');)
data/freetds-1.2.3/src/dblib/unittests/dbmorecmds.c:40:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/dbsafestr.c:31:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(unsafestr);
data/freetds-1.2.3/src/dblib/unittests/dbsafestr.c:40:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(safestr) != len + 1)
data/freetds-1.2.3/src/dblib/unittests/dbsafestr.c:46:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(safestr) != len + 1)
data/freetds-1.2.3/src/dblib/unittests/dbsafestr.c:55:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(safestr) != len + 2)
data/freetds-1.2.3/src/dblib/unittests/done_handling.c:181:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/done_handling.c:240:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(srvname) > 0)
data/freetds-1.2.3/src/dblib/unittests/done_handling.c:242:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (procname && strlen(procname) > 0) {
data/freetds-1.2.3/src/dblib/unittests/empty_rowsets.c:42:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/hang.c:105:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/null.c:168:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/null2.c:178:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/numeric.c:62:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/pending.c:36:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/rpc.c:224:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/setnull.c:18:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr, "\tdbsetnull(CHARBIND, %u, '%s').\n", (unsigned int) strlen(null), null);
data/freetds-1.2.3/src/dblib/unittests/setnull.c:19:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = dbsetnull(dbproc, CHARBIND, strlen(null), (BYTE *) null);
data/freetds-1.2.3/src/dblib/unittests/setnull.c:91:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/spid.c:44:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/t0001.c:64:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/t0001.c:126:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0002.c:27:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0002.c:71:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0003.c:45:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0003.c:106:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0004.c:41:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0004.c:96:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0005.c:41:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0005.c:100:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0005.c:149:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0005.c:221:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0006.c:29:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0006.c:69:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0007.c:98:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0007.c:132:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0007.c:190:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (testvstr.len != strlen(expected) || 0 != strncmp(testvstr.str, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0007.c:190:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (testvstr.len != strlen(expected) || 0 != strncmp(testvstr.str, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0008.c:42:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0008.c:109:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0009.c:40:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0011.c:35:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0012.c:65:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/t0013.c:68:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/t0013.c:189:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/t0014.c:51:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/t0015.c:39:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0015.c:118:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0016.c:59:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/t0016.c:239:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getc(f);
data/freetds-1.2.3/src/dblib/unittests/t0016.c:304:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal;
data/freetds-1.2.3/src/dblib/unittests/t0017.c:64:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE)) {
data/freetds-1.2.3/src/dblib/unittests/t0018.c:42:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0018.c:120:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/t0020.c:54:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0022.c:41:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/t0023.c:57:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/text_buffer.c:40:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/thread.c:79:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp(teststr, expected, strlen(expected))) {
data/freetds-1.2.3/src/dblib/unittests/thread.c:119:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/thread.c:179:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/dblib/unittests/timeout.c:139:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(DATABASE))
data/freetds-1.2.3/src/odbc/bcp.c:659:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(pdata);
data/freetds-1.2.3/src/odbc/connectparams.c:490:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(odbc_param_names[n]) + params[n].len + 2;
data/freetds-1.2.3/src/odbc/connectparams.c:535:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->ret_val = strlen(p->buffer);
data/freetds-1.2.3/src/odbc/connectparams.c:587:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
param.ret_val = strlen(pRetBuffer);
data/freetds-1.2.3/src/odbc/convert_tds2sql.c:412:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), " %c%02d:%02d", sign, off / 60, off % 60);
data/freetds-1.2.3/src/odbc/convert_tds2sql.c:415:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nRetVal = strlen(buf);
data/freetds-1.2.3/src/odbc/native.c:327:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/freetds-1.2.3/src/odbc/odbc.c:6078:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (SQL_SUCCESS != odbc_set_stmt_query(stmt, (ODBC_CHAR*) sql, strlen(sql) _wide0))
data/freetds-1.2.3/src/odbc/odbc.c:7268:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(begin) + 3;
data/freetds-1.2.3/src/odbc/odbc.c:7367:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(begin);
data/freetds-1.2.3/src/odbc/odbc_util.c:62:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sql_len = wide ? sqlwcslen(sql->wide) : strlen(sql->mb);
data/freetds-1.2.3/src/odbc/odbc_util.c:64:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sql_len = strlen((const char*) sql);
data/freetds-1.2.3/src/odbc/odbc_util.c:94:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return wide ? sqlwcslen(str->wide) : strlen(str->mb);
data/freetds-1.2.3/src/odbc/odbc_util.c:96:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen((const char*) str);
data/freetds-1.2.3/src/odbc/odbc_util.c:309:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/freetds-1.2.3/src/odbc/prepare_query.c:345:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *) DataPtr);
data/freetds-1.2.3/src/odbc/sql2tds.c:310:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/freetds-1.2.3/src/odbc/unittests/bcp.c:141:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bcp_bind( odbc_conn, (unsigned char *) (prefixlen == 0 ? (void*)&x.value : &x), prefixlen, strlen(x.value), NULL, termlen, BCP_TYPE_SQLVARCHAR, col++ )
data/freetds-1.2.3/src/odbc/unittests/common.c:50:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(path);
data/freetds-1.2.3/src/odbc/unittests/common.c:152:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/freetds-1.2.3/src/odbc/unittests/common.c:736:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s) + 1;
data/freetds-1.2.3/src/odbc/unittests/compute.c:55:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c1) != ind1 || strcmp(c1, col1) != 0) {
data/freetds-1.2.3/src/odbc/unittests/compute.c:57:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen(c1));
data/freetds-1.2.3/src/odbc/unittests/compute.c:61:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c2) != ind2 || strcmp(c2, col2) != 0) {
data/freetds-1.2.3/src/odbc/unittests/compute.c:63:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen(c2));
data/freetds-1.2.3/src/odbc/unittests/compute.c:147:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(col2, "%");
data/freetds-1.2.3/src/odbc/unittests/compute.c:154:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(col2, "&");
data/freetds-1.2.3/src/odbc/unittests/connect2.c:59:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHKSetConnectAttr(SQL_ATTR_CURRENT_CATALOG, (SQLPOINTER) T(dbname), strlen(dbname)*sizeof(SQLTCHAR), "SI");
data/freetds-1.2.3/src/odbc/unittests/connect2.c:84:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHKSetConnectAttr(SQL_ATTR_CURRENT_CATALOG, (SQLPOINTER) tmp, strlen(tmp), "E");
data/freetds-1.2.3/src/odbc/unittests/convert_error.c:26:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHKPrepare(T(sql), strlen(sql), "S");
data/freetds-1.2.3/src/odbc/unittests/convert_error.c:30:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHKBindParameter(id++, SQL_PARAM_INPUT, SQL_C_CHAR, type2, strlen(val) + 1, 0, (SQLCHAR *) val,
data/freetds-1.2.3/src/odbc/unittests/freeclose.c:152:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
insert_len = strlen(insert_buf);
data/freetds-1.2.3/src/odbc/unittests/freeclose.c:155:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(insert_buf, p, strlen(p) + 1);
data/freetds-1.2.3/src/odbc/unittests/funccall.c:195:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(out2, " ");
data/freetds-1.2.3/src/odbc/unittests/genparams.c:113:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t value_len = strlen(value_to_convert);
data/freetds-1.2.3/src/odbc/unittests/getdata.c:41:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s2);
data/freetds-1.2.3/src/odbc/unittests/params.c:42:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHKPrepare(T(SP_TEXT), strlen(SP_TEXT), "S");
data/freetds-1.2.3/src/odbc/unittests/params.c:54:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHKPrepare(T(SP_TEXT), strlen(SP_TEXT), "S");
data/freetds-1.2.3/src/odbc/unittests/parser.c:59:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) < 3)
data/freetds-1.2.3/src/odbc/unittests/putdata.c:25:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(test_text), n, i;
data/freetds-1.2.3/src/odbc/unittests/putdata.c:66:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(p);
data/freetds-1.2.3/src/odbc/unittests/raiserror.c:89:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) != ind || strcmp(buf, s) != 0)
data/freetds-1.2.3/src/odbc/unittests/raiserror.c:135:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!SQL_SUCCEEDED(SQLPrepare(odbc_stmt, T(SP_TEXT), strlen(SP_TEXT)))) {
data/freetds-1.2.3/src/odbc/unittests/rebindpar.c:16:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(buf);
data/freetds-1.2.3/src/odbc/unittests/scroll.c:104:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (n[i] != i + t->start || c_len[i] != strlen(name) || strcmp(c[i], name) != 0) {
data/freetds-1.2.3/src/odbc/unittests/scroll.c:107:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr, "\tc len %d %d\n", (int) c_len[i], (int) strlen(name));
data/freetds-1.2.3/src/odbc/unittests/stats.c:23:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define LEN(x) (x) ? strlen(x) : 0
data/freetds-1.2.3/src/odbc/unittests/t0001.c:40:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cnamesize != strlen((char *) output))
data/freetds-1.2.3/src/odbc/unittests/t0004.c:16:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ind = strlen(buf);
data/freetds-1.2.3/src/odbc/unittests/t0004.c:30:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ind = strlen(buf);
data/freetds-1.2.3/src/odbc/unittests/tables.c:60:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define LEN(x) (x) ? strlen(x) : SQL_NULL_DATA
data/freetds-1.2.3/src/odbc/unittests/tables.c:65:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
table_len = strlen(table);
data/freetds-1.2.3/src/odbc/unittests/utf8.c:53:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = minimun ? (strlen(strings_hex[p-strings]) - 2) /4 : 40;
data/freetds-1.2.3/src/odbc/unittests/utf8.c:56:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = minimun ? (strlen(strings_hex[p+1-strings]) - 2) /4 : 40;
data/freetds-1.2.3/src/odbc/unittests/utf8.c:60:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s1_len = strlen(p[0]);
data/freetds-1.2.3/src/odbc/unittests/utf8.c:61:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2_len = strlen(p[1]);
data/freetds-1.2.3/src/odbc/unittests/utf8_2.c:84:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (n_len[p[n].num] != strlen(p[n].out) || strcmp(p[n].out, out[p[n].num]) != 0) {
data/freetds-1.2.3/src/odbc/unittests/utf8_3.c:69:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen((char *) buf) == sizeof(buf) - 1);
data/freetds-1.2.3/src/odbc/unittests/utf8_4.c:22:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(exp) != tds_dstr_len(&s) || strcmp(exp, tds_dstr_cstr(&s)) != 0) {
data/freetds-1.2.3/src/odbc/winsetup.c:115:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (str = attribs; *str; str += strlen(str) + 1) {
data/freetds-1.2.3/src/odbc/winsetup.c:127:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (str = attribs; *str; str += strlen(str) + 1) {
data/freetds-1.2.3/src/odbc/winsetup.c:129:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(build, ";");
data/freetds-1.2.3/src/odbc/winsetup.c:134:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
odbc_parse_connect_string(NULL, build, build + strlen(build), di->login, NULL);
data/freetds-1.2.3/src/odbc/winsetup.c:403:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (msg && lpszMsg && cbMsgMax > strlen(msg)) {
data/freetds-1.2.3/src/odbc/winsetup.c:405:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*pcbMsgOut = (WORD) strlen(msg);
data/freetds-1.2.3/src/pool/member.c:102:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pool->database && strlen(pool->database)) {
data/freetds-1.2.3/src/pool/member.c:121:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pool->database && strlen(pool->database)) {
data/freetds-1.2.3/src/replacements/basename.c:45:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = path + strlen(path); --p > path && TDS_ISDIR_SEPARATOR(*p);)
data/freetds-1.2.3/src/replacements/daemon.c:135:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/freetds-1.2.3/src/replacements/getaddrinfo.c:110:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(he->h_name) + 1;
data/freetds-1.2.3/src/replacements/getaddrinfo.c:133:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(he->h_aliases[i]) + 1;
data/freetds-1.2.3/src/replacements/readpassphrase.c:164:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)write(output, prompt, strlen(prompt));
data/freetds-1.2.3/src/replacements/readpassphrase.c:166:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (p = buf; (nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) {
data/freetds-1.2.3/src/replacements/readpassphrase.c:249:22: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (p = buf; (ch = getchar()) != EOF && ch != '\n' && ch != '\r';) {
data/freetds-1.2.3/src/replacements/strlcat.c:32:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dest_len = strlen(dest);
data/freetds-1.2.3/src/replacements/strlcat.c:33:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t src_len = strlen(src);
data/freetds-1.2.3/src/replacements/strlcpy.c:32:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(src);
data/freetds-1.2.3/src/replacements/unittests/strtok_r.c:37:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/freetds-1.2.3/src/replacements/vasprintf.c:69:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chunks = ((strlen(fmt) + 1) / CHUNKSIZE) + 1;
data/freetds-1.2.3/src/server/server.c:59:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
totsize = (IS_TDS7_PLUS(tds->conn) ? 2 : 1) * (strlen(oldvalue) + strlen(newvalue)) + 3;
data/freetds-1.2.3/src/server/server.c:59:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
totsize = (IS_TDS7_PLUS(tds->conn) ? 2 : 1) * (strlen(oldvalue) + strlen(newvalue)) + 3;
data/freetds-1.2.3/src/server/server.c:62:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_byte(tds, strlen(newvalue));
data/freetds-1.2.3/src/server/server.c:64:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_string(tds, newvalue, strlen(newvalue));
data/freetds-1.2.3/src/server/server.c:65:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_byte(tds, strlen(oldvalue));
data/freetds-1.2.3/src/server/server.c:67:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_string(tds, oldvalue, strlen(oldvalue));
data/freetds-1.2.3/src/server/server.c:74:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
totsize = 3 + strlen(newvalue) + strlen(oldvalue);
data/freetds-1.2.3/src/server/server.c:74:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
totsize = 3 + strlen(newvalue) + strlen(oldvalue);
data/freetds-1.2.3/src/server/server.c:77:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_byte(tds, strlen(newvalue));
data/freetds-1.2.3/src/server/server.c:78:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_n(tds, newvalue, strlen(newvalue));
data/freetds-1.2.3/src/server/server.c:79:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_byte(tds, strlen(oldvalue));
data/freetds-1.2.3/src/server/server.c:80:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_n(tds, oldvalue, strlen(oldvalue));
data/freetds-1.2.3/src/server/server.c:94:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
totsize = 7 + strlen(procname) + 5 + strlen(msgtext) + 2 + strlen(srvname) + 3;
data/freetds-1.2.3/src/server/server.c:94:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
totsize = 7 + strlen(procname) + 5 + strlen(msgtext) + 2 + strlen(srvname) + 3;
data/freetds-1.2.3/src/server/server.c:94:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
totsize = 7 + strlen(procname) + 5 + strlen(msgtext) + 2 + strlen(srvname) + 3;
data/freetds-1.2.3/src/server/server.c:100:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_byte(tds, strlen(procname));
data/freetds-1.2.3/src/server/server.c:101:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_n(tds, procname, strlen(procname));
data/freetds-1.2.3/src/server/server.c:105:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_smallint(tds, strlen(msgtext) + 1);
data/freetds-1.2.3/src/server/server.c:106:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_n(tds, msgtext, strlen(msgtext));
data/freetds-1.2.3/src/server/server.c:108:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_byte(tds, strlen(srvname));
data/freetds-1.2.3/src/server/server.c:109:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_n(tds, srvname, strlen(srvname));
data/freetds-1.2.3/src/server/server.c:125:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(procname);
data/freetds-1.2.3/src/server/server.c:130:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 4 + (IS_TDS7_PLUS(tds->conn) ? 2 : 1) * (strlen(msgtext) + strlen(srvname) + len)
data/freetds-1.2.3/src/server/server.c:130:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 4 + (IS_TDS7_PLUS(tds->conn) ? 2 : 1) * (strlen(msgtext) + strlen(srvname) + len)
data/freetds-1.2.3/src/server/server.c:136:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_smallint(tds, strlen(msgtext));
data/freetds-1.2.3/src/server/server.c:138:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_string(tds, msgtext, strlen(msgtext));
data/freetds-1.2.3/src/server/server.c:139:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_byte(tds, strlen(srvname));
data/freetds-1.2.3/src/server/server.c:141:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_string(tds, srvname, strlen(srvname));
data/freetds-1.2.3/src/server/server.c:167:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_smallint(tds, 10 + (IS_TDS7_PLUS(tds->conn)? 2 : 1) * strlen(progname)); /* length of message */
data/freetds-1.2.3/src/server/server.c:187:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_byte(tds, strlen(progname));
data/freetds-1.2.3/src/server/server.c:189:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_put_string(tds, progname, strlen(progname));
data/freetds-1.2.3/src/server/server.c:454:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colsize = strlen((char *) curcol->column_data);
data/freetds-1.2.3/src/tds/bulk.c:230:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (clause->cb < strlen(clause->pb)
data/freetds-1.2.3/src/tds/bulk.c:232:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(column_type)
data/freetds-1.2.3/src/tds/bulk.c:252:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(clause->pb, " ");
data/freetds-1.2.3/src/tds/bulk.c:1004:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define getc_unlocked(s) getc(s)
data/freetds-1.2.3/src/tds/challenge.c:139:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passwd_len = strlen(passwd);
data/freetds-1.2.3/src/tds/challenge.c:183:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
user_name_len = strlen(user_name);
data/freetds-1.2.3/src/tds/challenge.c:330:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(passwd);
data/freetds-1.2.3/src/tds/config.c:820:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(s)) {
data/freetds-1.2.3/src/tds/config.c:1087:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathname = tds_new(char, strlen(dir) + strlen(file) + 10);
data/freetds-1.2.3/src/tds/config.c:1087:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathname = tds_new(char, strlen(dir) + strlen(file) + 10);
data/freetds-1.2.3/src/tds/config.c:1137:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(field) >= 18) {
data/freetds-1.2.3/src/tds/convert.c:163:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/freetds-1.2.3/src/tds/convert.c:2047:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (strlen(tok)) {
data/freetds-1.2.3/src/tds/convert.c:2122:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (strlen(tok)) {
data/freetds-1.2.3/src/tds/convert.c:2179:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (strlen(tok)) {
data/freetds-1.2.3/src/tds/convert.c:2262:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return string_to_numeric(instr, instr + strlen(instr), cr);
data/freetds-1.2.3/src/tds/convert.c:2611:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(datestr) == 10 && *(datestr + 4) == '-' && *(datestr + 7) == '-') {
data/freetds-1.2.3/src/tds/convert.c:2710:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tdsdump_log(TDS_DBG_INFO1, "store_monthname: %ld %s\n", (long) strlen(datestr), datestr);
data/freetds-1.2.3/src/tds/convert.c:2711:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(datestr) == 3) {
data/freetds-1.2.3/src/tds/convert.c:2999:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
our_format = tds_new(char, strlen(format) + 1 + 5);
data/freetds-1.2.3/src/tds/gssapi.c:306:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send_tok.length = strlen(auth->sname);
data/freetds-1.2.3/src/tds/iconv.c:970:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const struct charset_alias *c = charset_lookup(charset_name, strlen(charset_name));
data/freetds-1.2.3/src/tds/login.c:132:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < TDS_VECTOR_SIZE(names) && (!server || strlen(server) == 0); i++) {
data/freetds-1.2.3/src/tds/login.c:662:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int buf_len = buf ? (int)strlen(buf) : 0;
data/freetds-1.2.3/src/tds/login.c:891:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t user_name_len = strlen(user_name);
data/freetds-1.2.3/src/tds/login.c:1146:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int instance_name_len = strlen(instance_name) + 1;
data/freetds-1.2.3/src/tds/net.c:863:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(conn->wakeup.s_signaled, to_cancel, 8) > 0;
data/freetds-1.2.3/src/tds/net.c:1272:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sendto(s, msg, (int)strlen(msg) + 1, 0, addr->ai_addr, addr->ai_addrlen) < 0)
data/freetds-1.2.3/src/tds/net.c:1373:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(errstr);
data/freetds-1.2.3/src/tds/query.c:139:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
il = len < 0 ? strlen(s) : (size_t) len;
data/freetds-1.2.3/src/tds/query.c:244:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = e ? e - s : strlen(s);
data/freetds-1.2.3/src/tds/query.c:365:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query_len = strlen(query);
data/freetds-1.2.3/src/tds/query.c:1162:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query_len = (int)strlen(query);
data/freetds-1.2.3/src/tds/query.c:1269:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query_len = strlen(query);
data/freetds-1.2.3/src/tds/query.c:1368:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id_len = strlen(dyn->id);
data/freetds-1.2.3/src/tds/query.c:1429:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query_len = (int)strlen(query);
data/freetds-1.2.3/src/tds/query.c:1891:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_get_column_declaration(tds, param, buf + strlen(buf));
data/freetds-1.2.3/src/tds/query.c:1892:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), " SET @P%d=", n);
data/freetds-1.2.3/src/tds/query.c:1948:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rpc_name_len = (int)strlen(rpc_name);
data/freetds-1.2.3/src/tds/query.c:2177:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = idlen < 0 ? strlen(id) : (size_t) idlen;
data/freetds-1.2.3/src/tds/query.c:2226:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = idlen < 0 ? strlen(id) : (size_t) idlen;
data/freetds-1.2.3/src/tds/query.c:2243:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tds_quote(tds, buffer, '\'', str, len < 0 ? strlen(str) : (size_t) len);
data/freetds-1.2.3/src/tds/query.c:2350:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cursor->query, (int)strlen(cursor->query), &converted_query_len);
data/freetds-1.2.3/src/tds/query.c:2569:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(cursor->cursor_name);
data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h:263:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hash_func(em.db, label, strlen(label));
data/freetds-1.2.3/src/tds/sec_negotiate_gnutls.h:313:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pwd_len = strlen(pwd);
data/freetds-1.2.3/src/tds/sec_negotiate_openssl.h:72:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pwd_len = strlen(pwd);
data/freetds-1.2.3/src/tds/sspi.c:227:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
identity.UserLength = strlen(user_name);
data/freetds-1.2.3/src/tds/stream.c:98:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = istream->read(istream, (char*) ib, TEMP_SIZE - bufleft);
data/freetds-1.2.3/src/tds/stream.c:167:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int len = istream->read(istream, ostream->buffer, ostream->buf_len);
data/freetds-1.2.3/src/tds/tls.c:323:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ca_file_length = strlen(ca_directory) + sizeof(dent->d_name) + 2;
data/freetds-1.2.3/src/tds/tls.c:783:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lh = strlen(host);
data/freetds-1.2.3/src/tds/tls.c:784:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lm = strlen(match);
data/freetds-1.2.3/src/tds/tls.c:835:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name_utf8) == name_len && check_wildcard(name_utf8, hostname))
data/freetds-1.2.3/src/tds/unittests/allcolumns.c:228:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/freetds-1.2.3/src/tds/unittests/convert.c:213:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/freetds-1.2.3/src/tds/unittests/corrupt.c:53:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(buf + (tds->out_buf_max - 8) / char_len - strlen(select_query) + 1, select_query);
data/freetds-1.2.3/src/tds/unittests/corrupt.c:57:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/freetds-1.2.3/src/tds/unittests/dynamic1.c:35:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)strlen(s);
data/freetds-1.2.3/src/tds/unittests/numeric.c:43:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tds_convert(&ctx, SYBVARCHAR, src, (TDS_UINT)strlen(src), SYBNUMERIC, &cr) < 0) {
data/freetds-1.2.3/src/tds/unittests/numeric.c:52:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, strlen(p));
data/freetds-1.2.3/src/tds/unittests/numeric.c:55:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "0");
data/freetds-1.2.3/src/tds/unittests/numeric.c:57:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(buf) > 1);
data/freetds-1.2.3/src/tds/unittests/numeric.c:58:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = 0;
data/freetds-1.2.3/src/tds/unittests/numeric.c:61:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(buf);
data/freetds-1.2.3/src/tds/unittests/numeric.c:68:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tds_convert(&ctx, SYBVARCHAR, src, (TDS_UINT)strlen(src), SYBNUMERIC, &cr) < 0)
data/freetds-1.2.3/src/tds/unittests/parsing.c:46:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/freetds-1.2.3/src/tds/unittests/t0007.c:139:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define test(s,d,r) test0(s,strlen(s),0,d,r,__LINE__)
data/freetds-1.2.3/src/tds/unittests/t0007.c:140:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define test2(s,m,d,r) test0(s,strlen(s),m,d,r,__LINE__)
data/freetds-1.2.3/src/tds/unittests/t0007.c:396:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_src = tds_convert(&ctx, SYBVARCHAR, *value, strlen(*value), *type1, &cr_src);
data/freetds-1.2.3/src/tds/unittests/t0007.c:398:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_dst = tds_convert(&ctx, SYBVARCHAR, *value, strlen(*value), *type2, &cr_dst);
data/freetds-1.2.3/src/tds/unittests/t0008.c:40:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(result + strlen(intro) + 1, cont, strlen(cont));
data/freetds-1.2.3/src/tds/unittests/t0008.c:40:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(result + strlen(intro) + 1, cont, strlen(cont));
data/freetds-1.2.3/src/tds/unittests/t0008.c:46:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tds_convert(&ctx, SYBVARCHAR, src, strlen(src), SYBNUMERIC, &cr) < 0)
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:127:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) != curcol->column_cur_size || strncmp(buf, src, curcol->column_cur_size) != 0) {
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:132:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, src, l);
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:135:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curcol->column_cur_size, buf, (unsigned int) strlen(buf));
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:203:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; strlen(buf) < 980 && len < 200; ++i) {
data/freetds-1.2.3/src/tds/unittests/utf8_1.c:207:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(to_utf8(japanese, tmp));
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:137:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) != curcol->column_cur_size || strncmp(buf, src, curcol->column_cur_size) != 0) {
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:142:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, src, l);
data/freetds-1.2.3/src/tds/unittests/utf8_2.c:145:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curcol->column_cur_size, buf, (unsigned int) strlen(buf));
data/freetds-1.2.3/src/tds/unittests/utf8_3.c:82:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned) tds_dstr_len(&curcol->column_name), tmp, (unsigned int) strlen(tmp));
data/freetds-1.2.3/src/tds/unittests/utf8_3.c:133:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/freetds-1.2.3/src/tds/vstrbuild.c:55:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fmtlen = strlen(fmt);
data/freetds-1.2.3/src/tds/vstrbuild.c:101:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
textlen = (int)strlen(text);
data/freetds-1.2.3/src/tds/write.c:109:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(s);
data/freetds-1.2.3/src/utils/sleep.c:66:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(ms * 1000u);
data/freetds-1.2.3/src/utils/tdsstring.c:124:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return tds_dstr_copyn(s, src, strlen(src));
data/freetds-1.2.3/src/utils/unittests/challenge.c:63:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(out) == 32);
data/freetds-1.2.3/src/utils/unittests/challenge.c:65:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src) > 12) {
data/freetds-1.2.3/src/utils/unittests/challenge.c:67:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD4Update(&ctx, (const unsigned char *) src+5, strlen(src) - 5);
data/freetds-1.2.3/src/utils/unittests/challenge.c:69:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD4Update(&ctx, (const unsigned char *) src, strlen(src));
data/freetds-1.2.3/src/utils/unittests/challenge.c:98:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(out) == 32);
data/freetds-1.2.3/src/utils/unittests/challenge.c:100:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src) > 12) {
data/freetds-1.2.3/src/utils/unittests/challenge.c:102:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&ctx, (const unsigned char *) src+5, strlen(src) - 5);
data/freetds-1.2.3/src/utils/unittests/challenge.c:104:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&ctx, (const unsigned char *) src, strlen(src));
data/freetds-1.2.3/src/utils/unittests/challenge.c:130:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(out) == 32 && hmac5_key);
data/freetds-1.2.3/src/utils/unittests/challenge.c:131:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_md5((const unsigned char*) hmac5_key, (const unsigned char*) src, strlen(src), digest);
data/freetds-1.2.3/src/utils/unittests/challenge.c:158:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tds_des_ecb_encrypt(src, strlen(src), &ks, digest);
data/freetds-1.2.3/src/utils/unittests/challenge.c:160:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_len = strlen(src) & ~7u;
data/freetds-1.2.3/vms/edit.c:47:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnm_dsc.dsc$w_length = strlen(vms_fnm);
data/freetds-1.2.3/vms/edit.c:64:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vms_fnm, name, VMS_MAXRSS);
data/freetds-1.2.3/vms/getpass.c:114:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ttdsc.dsc$w_length = strlen(input_fspec);
data/freetds-1.2.3/vms/getpass.c:123:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
myprompt = malloc(strlen(prompt) + 1);
data/freetds-1.2.3/vms/getpass.c:130:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prompt_dsc.dsc$w_length = strlen(myprompt);
data/freetds-1.2.3/vms/getpass.c:175:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qio_func, &iosb, 0, 0, pbuf, buflen - 1, timeout_secs, 0, myprompt, strlen(myprompt));
data/freetds-1.2.3/vms/getpass.c:287:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = (char *) malloc(strlen(s) + 1);
data/freetds-1.2.3/vms/vmsarg_parse.c:143:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
command_desc.dsc$w_length = strlen(verb) + strlen(command_args);
data/freetds-1.2.3/vms/vmsarg_parse.c:143:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
command_desc.dsc$w_length = strlen(verb) + strlen(command_args);
data/freetds-1.2.3/vms/vmsarg_parse.c:173:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qual_desc.dsc$w_length = strlen(vms_arg[i]);
data/freetds-1.2.3/vms/vmsarg_parse.c:219:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q_length = strlen(qual_template);
data/freetds-1.2.3/vms/vmsarg_parse.c:269:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newargv[arg_count] = malloc(strlen(value_template) + 1);
data/freetds-1.2.3/vms/vmsarg_parse.c:291:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newargv[arg_count] = malloc(strlen(value_template) + 1);
data/freetds-1.2.3/vms/vmsarg_parse.c:338:37: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (i != arg_count) strcat(arg_string, " ");
data/freetds-1.2.3/vms/vmsarg_parse.c:414:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lib_desc.dsc$w_length = strlen(help_library);
data/freetds-1.2.3/vms/vmsarg_parse.c:416:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
command_desc.dsc$w_length = strlen(help_command);
data/freetds-1.2.3/vms/vmsarg_parse.c:434:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
symbol_desc.dsc$w_length = strlen(symbol);
data/freetds-1.2.3/vms/vmsarg_parse.c:436:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_desc.dsc$w_length = strlen(value);
data/freetds-1.2.3/vms/vmsarg_parse.c:451:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
command_desc.dsc$w_length = strlen(command);
data/freetds-1.2.3/vms/vmsarg_parse.c:480:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
date_desc.dsc$w_length = strlen(date_string);
data/freetds-1.2.3/vms/vmsarg_parse.c:608:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
to = to + strlen(month_1);
data/freetds-1.2.3/vms/vmsarg_parse.c:618:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
to = to + strlen(date_1);
data/freetds-1.2.3/vms/vmsarg_parse.c:628:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
to = to + strlen(hour_1);
data/freetds-1.2.3/vms/vmsarg_parse.c:678:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(instring);
data/freetds-1.2.3/vms/vmsarg_parse.c:679:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
special_length = strlen(special);
data/freetds-1.2.3/vms/vmsarg_parse.c:792:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
foreign_image = malloc(strlen(image_name) + 2);
data/freetds-1.2.3/vms/vmsarg_parse.c:794:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(foreign_image, "$");
data/freetds-1.2.3/vms/vmsarg_parse.c:804:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
command = malloc(strlen(verb) + strlen(arg_string) + 2);
data/freetds-1.2.3/vms/vmsarg_parse.c:804:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
command = malloc(strlen(verb) + strlen(arg_string) + 2);
data/freetds-1.2.3/vms/vmsarg_parse.c:807:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(command, " ");
ANALYSIS SUMMARY:
Hits = 2474
Lines analyzed = 133118 in approximately 3.91 seconds (34050 lines/second)
Physical Source Lines of Code (SLOC) = 97722
Hits@level = [0] 2997 [1] 460 [2] 1652 [3] 67 [4] 295 [5] 0
Hits@level+ = [0+] 5471 [1+] 2474 [2+] 2014 [3+] 362 [4+] 295 [5+] 0
Hits/KSLOC@level+ = [0+] 55.9853 [1+] 25.3167 [2+] 20.6095 [3+] 3.70439 [4+] 3.01877 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.